1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Virus Descriptions
  6. Trojan-PSW:W32/Steam

Trojan-PSW:W32/Steam

Name : Trojan-PSW:W32/Steam
Detection Names : Gen:Trojan.Heur.@t3arb0WtcDaO
Trojan-PSW.Win32.Dumbnod
Aliases : PWS-Steam trojan (McAfee)
PWS:Win32/Steam (Microsoft)
Category:Malware
Type:Trojan-PSW
Platform:W32

Summary

This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.

Additional Details

Trojan-PSW:W32/Steam is a generic description for a family of password-stealing trojans that captures keystrokes on the infected machine and sends the collected information to the attacker(s).


Activity

Once the trojan is executed, it nstalls a keylogger program to record keystrokes entered into the infected machine. The captured information is encrypted and stored on the machine's physical drive. The trojan will then send the log file to the  attacker(s).

The encrypted file can only be viewed by a built-in view if the variant creating the file is generated by a backdoor's client application. For example, a variant generated by Backdoor:W32/PoisonIvy includes a built-in viewer allowing the encrypted file to be viewed.

Some Steam variants also include the following functionalities:

  • A component that monitors browser activity and only captures keystrokes entered when specific e-commerce or banking websites are visited
  • The ability to capture screenshots, allowing them to bypass some graphic-based security features
  • The ability to inject their code into a running Windows application to perform further malicious activities, such as downloading and executing other malicious files from Internet