Trojan-PSW:W32/Steam

Classification

Category: Malware

Type: Trojan-PSW

Aliases: Trojan-PSW:W32/Steam, Gen:Trojan.Heur.@t3arb0WtcDaO, Trojan-PSW.Win32.Dumbnod

Summary

This type of trojan steals passwords and other sensitive information. It may also secretly install other malicious programs.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Trojan-PSW:W32/Steam is a generic description for a family of password-stealing trojans that captures keystrokes on the infected machine and sends the collected information to the attacker(s).

Activity

Once the trojan is executed, it installs a keylogger program to record keystrokes entered into the infected machine. The captured information is encrypted and stored on the machine's physical drive. The trojan will then send the log file to the attacker(s).

The encrypted file can only be viewed with a built-in viewer, and only if the variant that created the file was generated by a backdoor's client application. For example, a variant generated by Backdoor:W32/PoisonIvy includes a built-in viewer allowing the encrypted file to be viewed.

Some Steam variants also include the following functionalities:

  • A component that monitors browser activity and only captures keystrokes entered when specific e-commerce or banking websites are visited
  • The ability to capture screenshots, allowing them to bypass some graphic-based security features
  • The ability to inject their code into a running Windows application to perform further malicious activities, such as downloading and executing other malicious files from the Internet