SecurityHome.eu Trojan:Win32/YYpass.A

Home / malware PDF

Trojan:Win32/YYpass.A

First posted on 26 October 2011.
Source: SecurityHome
Aliases :
Trojan:Win32/YYpass.A is also known as PSW.OnlineGames3.BOIM (AVG), Trojan-PSW.Win32.Agent.xnz (Kaspersky).
Explanation :
Trojan:Win32/YYpass.A is a trojan that steals user logon credentials for a chat application created by YY Software.

Top

Trojan:Win32/YYpass.A is a trojan that steals user logon credentials for a chat application created by YY Software.

Installation

The trojan may be distributed as a chat program, such as "YYè¯éÂŸ³.exe" (YY Voice). When run, Trojan:Win32/YYpass.A attempts to terminate the YY Voice process which results in logging a user out of an active session. The trojan then displays an imitation login screen for the YY Voice application, as shown below:

Payload

Steals login credentials
Credentials entered by the user are captured and sent via SMTP to an attacker for collection.

Analysis by Zhitao Zhou

Last update 26 October 2011

TOP

Malware :

Last 20

Family:

Trojan:Win32/YYpass.A