PWS:Win32/Frethog.gen!B
First posted on 18 March 2020.
Source: Microsoft
Aliases :
PWS:Win32/Frethog.gen!B is also known as PWS-LegMir.dll, Infostealer.Gampass, Trojan-PSW.Win32.OnLineGames.oz, TSPY_ONLINEG.BGG, Troj/Lineag-Gen.
Explanation :
PWS:Win32/Frethog.gen!B is a DLL component dropped by one variant of Win32/Frethog, a large family of password-stealing trojans that targets confidential data, such as account information, from Massively Multiplayer Online Role-Playing Games (MMORPGs).

Installation

When executed, Win32/Frethog drops a DLL with a randomly generated file name and injects it into explorer.exe. It may modify the following registry entry in order to load the installed DLL at each Windows start:

Modifies value: "AppInit_DLLs"
With data: [path to the dll]
In subkey: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

Payload

Steals Online Game Data
This trojan may steal online game passwords and other login-related data and upload the captured information to a predefined remote server.

Terminates Processes
This trojan attempts to kill popular security-related processes, like AVP, Ravmon, etc.

Additional Information

Please refer to our detailed Win32/Frethog family analysis for more information.

Analysis by Wei Li
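To check a host for the AppInit_DLLs persistence described under Installation, the following read-only PowerShell audit lists each DLL registered in that value with its signature status and hash. It is an added example, not part of the original write-up: the function name `Get-AppInitDllReport` is hypothetical, and the `WOW6432Node` view and the `LoadAppInit_DLLs` and `RequireSignedAppInit_DLLs` values are standard Windows settings that the write-up does not mention.

```powershell
# Added example (read-only): list every DLL registered in AppInit_DLLs.
# Both registry views are read, since 32-bit processes on 64-bit Windows
# use the WOW6432Node copy of the value.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitDllReport {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        $raw   = [string]$props.AppInit_DLLs
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # The value is a space- or comma-delimited list of DLLs.
        foreach ($dll in ($raw -split '[,\s]+' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            # Entries given without a full path are listed but not resolved.
            $exists = [IO.Path]::IsPathRooted($path) -and
                      (Test-Path -LiteralPath $path -PathType Leaf)
            $sig = $null; $hash = $null; $written = $null
            if ($exists) {
                $sig     = Get-AuthenticodeSignature -LiteralPath $path
                $hash    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $written = (Get-Item -LiteralPath $path -Force).LastWriteTimeUtc
            }
            [pscustomobject]@{
                Key           = $key
                LoadEnabled   = $props.LoadAppInit_DLLs
                RequireSigned = $props.RequireSignedAppInit_DLLs
                Dll           = $path
                Exists        = $exists
                Signature     = if ($sig) { $sig.Status } else { $null }
                Signer        = if ($sig -and $sig.SignerCertificate) {
                                    $sig.SignerCertificate.Subject } else { $null }
                SHA256        = $hash
                LastWriteUtc  = $written
            }
        }
    }
}

# Every row returned deserves review; an unsigned DLL with a random-looking
# file name matches the installation behaviour described above.
Get-AppInitDllReport -KeyPath $keys | Format-List
```

An empty result means no DLL is registered in either view. A row whose `Exists` is false still matters, because the value may point at a file that has since been removed or renamed.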
Last update 18 March 2020