PWS:Win32/Karagany.A
First posted on 21 April 2012.
Source: Microsoft
Aliases:
PWS:Win32/Karagany.A is also known as Trojan.Win32.FraudPack.cmed (Kaspersky), Trojan.FraudPack!TwMovu9D2sg (VirusBuster), TR/Code.txk (Avira), Trj/Lukicsel.A (Panda), Trojan.Win32.FraudPack (Sunbelt Software).
Explanation:
PWS:Win32/Karagany.A is a DLL file that steals FTP credentials from certain programs, if they are installed on the computer.
PWS:Win32/Karagany.A is a DLL file that steals FTP credentials from the following programs, if they are installed on the computer:
- BulletProofFTP
- CoffeeCupFTP
- DevZeroG
- FileZilla
- SmartFTP
- TotalCommander
- WebDrive
- WinSCP
The stolen FTP credentials can be used to establish an FTP connection to the compromised computers.
PWS:Win32/Karagany.A has been observed to be dropped by variants of the EyeStye family. It may be present in the Temporary Files folder as a randomly named file such as the following:
%TEMP%\_82B6.tmp
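A triage check for the artifact described above, added here as an example and not taken from the Microsoft write-up: it lists `.tmp` files in a temporary folder whose contents are really a PE DLL. The `_XXXX.tmp` name hint is an assumption generalised from the single file name on this page, and the sample files are constructed headers, not real samples.

```python
import os, re, struct, tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL
# Assumption: pattern generalised from the one example name on the page (_82B6.tmp)
NAME_HINT = re.compile(r"^_[0-9A-Fa-f]{4}\.tmp$")

def is_pe_dll(data: bytes) -> bool:
    """True if data begins with an MZ/PE header whose Characteristics mark a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(characteristics & IMAGE_FILE_DLL)

def scan_temp(temp_dir):
    """Return sorted [(name, matches_name_hint)] for .tmp files that are PE DLLs."""
    hits = []
    for entry in os.scandir(temp_dir):
        if not entry.is_file() or not entry.name.lower().endswith(".tmp"):
            continue
        try:
            with open(entry.path, "rb") as fh:
                head = fh.read(4096)  # the headers sit at the start of the file
        except OSError:
            continue  # locked or unreadable file: skip it
        if is_pe_dll(head):
            hits.append((entry.name, bool(NAME_HINT.match(entry.name))))
    return sorted(hits)

def build_pe(characteristics):
    """Constructed minimal MZ/PE header for the demo (not a real sample)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff

def demo():
    """Scan a scratch directory holding a DLL, an EXE and a text file, all *.tmp."""
    samples = {"_82B6.tmp": build_pe(0x2102), "setup.tmp": build_pe(0x0102),
               "notes.tmp": b"plain text"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_temp(d)

if __name__ == "__main__":
    print(demo())
```

On a live system, pass the user's temporary folder to `scan_temp`; a hit is a lead for further analysis rather than a verdict, since legitimate installers also unpack DLLs there.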
Analysis by Francis Allan Tan Seng & Jaime Wong
Last update 21 April 2012