On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims. Today we continue the story with a similar exploit, called “Fareit,” which is used to “ferret out” the user credentials and other personal information of the victims.
This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment. The PDF variant uses Windows PowerShell to install. The Word document uses embedded macros to do the job. The malware is installed in a way that will avoid detection by most anti-malware products.
This exploit explores the computer, looking for:
- email account credentials
- domain name credentials
- banking credentials
- web-browser auth cookies
- FTP server credentials
- Bitcoin credentials
This information is used to extend the exploit, or may be gathered into a package and sold on the Dark Web. Learn how to spot a phish, and stay vigilant. When in doubt, do not click. And use VirusTotal to check out the attachment.
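A static triage pass for the two attachment types described above (Word documents carrying macros and PDFs that trigger actions), which also produces the SHA-256 you can search for on VirusTotal without uploading the file. This is an added example, not code from the original post; the function names and sample files are constructed for illustration, and plain keyword matching is a heuristic that obfuscated files can evade.

```python
import hashlib
import io
import zipfile

# PDF name objects tied to automatic actions or embedded content.
PDF_MARKERS = (b"/OpenAction", b"/Launch", b"/JavaScript", b"/EmbeddedFile")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")       # legacy .doc container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")     # OLE directory names are UTF-16LE


def triage_attachment(data: bytes) -> dict:
    """Return the SHA-256 (for a VirusTotal hash search) and static findings."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "type": "unknown", "findings": []}
    if data.startswith(b"%PDF-"):
        report["type"] = "pdf"
        report["findings"] = [m.decode() for m in PDF_MARKERS if m in data]
    elif data.startswith(b"PK"):
        report["type"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            report["findings"] = ["corrupt-zip"]
            return report
        # Macro-enabled Office files keep their VBA project in vbaProject.bin.
        report["findings"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    elif data.startswith(OLE_MAGIC):
        report["type"] = "ole"
        report["findings"] = ["_VBA_PROJECT"] if VBA_STREAM in data else []
    return report


def constructed_samples() -> dict:
    """Constructed, harmless stand-ins for attachments (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder")
    pdf = b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >>\n2 0 obj << /S /Launch >>\n%%EOF"
    clean = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >>\n%%EOF"
    ole = OLE_MAGIC + b"\x00" * 16 + VBA_STREAM
    return {"invoice.docm": buf.getvalue(), "invoice.pdf": pdf, "clean.pdf": clean, "old.doc": ole}


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        r = triage_attachment(blob)
        print(name, r["type"], r["findings"] or "no static markers", r["sha256"])
```

An empty findings list does not mean the attachment is safe; it only means none of these markers appeared in plain form.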