The Fareit malware family was first seen in 2012 and has evolved continually to evade antivirus detection. It is now one of the most successful information stealers deployed in malspam campaigns. Its source code has been leaked on the Internet, which lets any malware author build the stealer into their own attack campaigns.
The current Fareit malspam campaign uses emails posing as order confirmations, contracts, product inquiries and product order requests, sent to the marketing officers of various companies. The malicious attachments arrive under a range of file extensions, such as .iso, .bat, .com, .cab or .scr. Once running, this Trojan-Spyware sends the data it gathers from its victims to a compromised server.
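The campaign profile above (business-themed lure subjects carrying .iso, .bat, .com, .cab or .scr attachments) is enough to build a first-pass triage rule at the mail gateway. The following Python is an added example for this page, not Trend Micro code or a Fareit signature. The pipe-delimited record format and the sample records are constructed for illustration; the check looks at the final extension after lower-casing and trimming, so double extensions such as INVOICE.PDF.SCR are caught.

```python
"""Gateway-side triage for Fareit-style malspam.

Added example for this page (not Trend Micro code): flags messages whose
attachments use the extensions named in the campaign description and notes
whether the subject matches one of the lure themes. Record format is assumed.
"""
import re
from dataclasses import dataclass, field

# Attachment types the campaign description lists.
SUSPICIOUS_EXTENSIONS = {".iso", ".bat", ".com", ".cab", ".scr"}

# Lure themes named in the campaign description; matched case-insensitively.
LURE_THEMES = re.compile(
    r"order\s*confirmation|contract|product\s*inquiry|(?:product\s*)?order\s*request",
    re.IGNORECASE,
)


@dataclass
class Verdict:
    message_id: str
    flagged_attachments: list = field(default_factory=list)
    lure_match: bool = False

    @property
    def score(self) -> int:
        """One point per suspicious attachment, plus one when the lure theme also fits."""
        bonus = 1 if (self.lure_match and self.flagged_attachments) else 0
        return len(self.flagged_attachments) + bonus


def suspicious_extension(filename: str) -> bool:
    """True when the *final* extension is one of the campaign's types.

    Normalises case and strips trailing spaces/dots so that double extensions
    such as 'INVOICE.PDF.SCR' or 'order.iso ' are not missed.
    """
    name = filename.strip().rstrip(". ").lower()
    match = re.search(r"(\.[a-z0-9]+)$", name)
    return bool(match) and match.group(1) in SUSPICIOUS_EXTENSIONS


def triage(record: str) -> Verdict:
    """Parse one constructed gateway record and score it.

    Record format (assumed): id=<id>|subject=<text>|attachments=<a;b;c>
    """
    fields = dict(part.split("=", 1) for part in record.strip().split("|"))
    attachments = [a for a in fields.get("attachments", "").split(";") if a]
    return Verdict(
        message_id=fields["id"],
        flagged_attachments=[a for a in attachments if suspicious_extension(a)],
        lure_match=bool(LURE_THEMES.search(fields.get("subject", ""))),
    )


def flagged_messages(records) -> list:
    """Verdicts for every record carrying at least one suspicious attachment."""
    return [v for v in map(triage, records) if v.flagged_attachments]


# Constructed sample records (not real campaign data).
SAMPLE_LOG = [
    "id=m1|subject=Order Confirmation #4471|attachments=Order_Confirmation.pdf.scr",
    "id=m2|subject=Product Inquiry|attachments=catalogue_request.iso;logo.png",
    "id=m3|subject=Re: meeting notes|attachments=notes.docx",
    "id=m4|subject=Weekly report|attachments=setup.bat",
]

if __name__ == "__main__":
    for verdict in flagged_messages(SAMPLE_LOG):
        print(f"{verdict.message_id}: score={verdict.score} "
              f"attachments={verdict.flagged_attachments} lure={verdict.lure_match}")
```

Messages that combine a lure subject with a flagged attachment score highest, but a flagged attachment on its own still surfaces. That matters in practice because lure wording drifts between campaign waves while the attachment types listed above change more slowly.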
- Steals stored account information from various installed File Transfer Protocol (FTP) clients and file manager software
- Steals stored email credentials from various mail clients
- Retrieves stored user names, passwords and hostnames from various browsers
- Brute-forces local accounts using the password list it has acquired
- Replicates the mutexes of other Remote Desktop Protocol (RDP) utilities to mask its execution in the background, then deletes itself after execution
- Downloads additional malware payloads
- Information Theft
- Download Routine
- Violation of user privacy - gathers user credentials and steals user information
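The capability list above says Fareit brute-forces local accounts with a password list it has collected. On a Windows host that shows up as a burst of failed-logon events (Security event ID 4625) against several different accounts from the same machine within a short time. The following Python is an added example for this page, not Trend Micro's detection logic; the one-line event format, the sample events and the thresholds (8 failures spread over at least 3 accounts inside 60 seconds) are assumptions chosen for illustration.

```python
"""Host-side detection of local-account brute forcing.

Added example for this page (not Trend Micro detection logic): finds bursts of
Windows Security failed-logon events (ID 4625) against several different
accounts from one source in a short window. Event line format, thresholds and
sample events are assumptions for illustration.
"""
from collections import deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625  # Windows Security: "An account failed to log on"


def parse_event(line: str) -> dict:
    """Parse a constructed one-line event: '<ISO time> EventID=.. TargetUser=.. Source=..'."""
    timestamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(timestamp)
    event["EventID"] = int(event["EventID"])
    return event


def find_bruteforce_bursts(lines, window=timedelta(seconds=60),
                           min_failures=8, min_accounts=3):
    """Sliding window per source host.

    Returns [(source, window_start, window_end, sorted_accounts)] for every
    window holding >= min_failures failed logons spread over >= min_accounts
    distinct target accounts. After an alert the same source is suppressed for
    one window length so a single spray does not produce one alert per event.
    """
    recent = {}            # source -> deque of (time, target user)
    suppressed_until = {}  # source -> time until which new alerts are muted
    alerts = []
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["time"])
    for event in events:
        if event["EventID"] != FAILED_LOGON:
            continue
        source, now = event["Source"], event["time"]
        queue = recent.setdefault(source, deque())
        queue.append((now, event["TargetUser"]))
        while now - queue[0][0] > window:  # drop entries older than the window
            queue.popleft()
        accounts = {user for _, user in queue}
        if (len(queue) >= min_failures and len(accounts) >= min_accounts
                and suppressed_until.get(source, datetime.min) <= now):
            alerts.append((source, queue[0][0], now, sorted(accounts)))
            suppressed_until[source] = now + window
    return alerts


# Constructed sample: one benign logon, a ten-attempt spray over four local
# accounts from HOST1 within ten seconds, and two isolated failures from HOST2.
SPRAY_TARGETS = ["administrator", "alice", "bob", "guest"] * 2 + ["administrator", "alice"]
SAMPLE_EVENTS = (
    ["2019-07-24T10:00:00 EventID=4624 TargetUser=alice Source=HOST1"]
    + [f"2019-07-24T10:00:{sec:02d} EventID=4625 TargetUser={user} Source=HOST1"
       for sec, user in enumerate(SPRAY_TARGETS, start=1)]
    + ["2019-07-24T10:05:00 EventID=4625 TargetUser=carol Source=HOST2",
       "2019-07-24T10:05:30 EventID=4625 TargetUser=carol Source=HOST2"]
)

if __name__ == "__main__":
    for source, start, end, accounts in find_bruteforce_bursts(SAMPLE_EVENTS):
        print(f"{source}: {len(accounts)} accounts sprayed between "
              f"{start.time()} and {end.time()}: {accounts}")
```

Because the stealer works through a password list against local accounts, the distinctive signal is the spread across accounts rather than the raw failure count: a single user mistyping a password repeatedly never reaches min_accounts, while a spray over administrator, alice, bob and guest does.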
Spam Message Sample
|Detection|Pattern Version|Release Date|
|---|---|---|
| |ENT OPR 15.255.00|July 24, 2019|
Predictive Machine Learning
|Pattern Version|Release Date|
|---|---|
|AS Pattern 4798|July 25, 2019|
Solution Map: What to do?
|Product|Latest Version|Virus Pattern|Antispam|Network Pattern|Behavior Monitoring|Predictive Machine Learning|Web Reputation|
|---|---|---|---|---|---|---|---|
|Apex One|2019|Update pattern via|N/A|N/A|Enable Behavior Monitoring and update pattern via|Enable Predictive Machine Learning|Enable Web Reputation Service and update pattern via|
|Worry-Free Business Security|Standard (10.0), Advanced (10.0)|Update pattern via| | | | | |
|Deep Security|12.0|Update pattern via| | | | | |
|Deep Discovery Email Inspector|3.5|Update pattern via|Update pattern via| | | | |
|InterScan Messaging Security|9.1| | | | | | |
|InterScan Web Security|6.5| | | | | | |
|Deep Discovery Inspector|5.5| | | | | | |
- Always use the latest pattern available so that both old and new variants of Fareit are detected.
- Refer to the KB article on Recommendations on how to best protect your network using Trend Micro products.
- You can also check the article on Submitting suspicious or undetected virus for file analysis to Technical Support.
- For support assistance, contact Trend Micro Technical Support.