Emerging Threat on FAREIT Resurgence

    • Updated: 2 Aug 2019
    • Product/Version:
      • Apex One
      • Deep Discovery Inspector
      • Deep Security
      • InterScan Messaging Security Virtual Appliance
      • InterScan Web Security Virtual Appliance
      • OfficeScan
      • Worry-Free Business Security Advanced
      • Worry-Free Business Security Standard
    • Platform: N/A
Summary

The Fareit malware was discovered in 2012 and has evolved continuously to bypass antivirus detection. It is now one of the most successful information stealers deployed in malspam campaigns. Its source code has been leaked on the Internet, enabling any malware author to reuse it in their own attack campaigns.

The current Fareit malspam campaign uses emails posing as order confirmations, contracts, product inquiries, or product order requests, sent to marketing officers at different companies. The malicious spam carries attachments with various file extensions, such as .iso, .bat, .com, .cab, or .scr. This Trojan-Spyware sends the data it gathers from its victims to a compromised server.
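The attachment types and lure subjects described above can be turned into a simple mail-gateway triage check. The following Python is an added example, not Trend Micro code and not a description of any product feature: it parses a constructed sample message with the standard library, walks its attachments, and flags any whose final extension is one of the campaign's file types, including double extensions such as "invoice.pdf.scr". The extension list and lure keywords come from the summary above; the sample message, addresses, and filenames are constructed.

```python
"""Attachment triage for FAREIT-style malspam (added example, not Trend Micro code)."""
import email
from email import policy
from email.message import EmailMessage

# Attachment file types the campaign is reported to use (from the advisory).
CAMPAIGN_EXTENSIONS = {".iso", ".bat", ".com", ".cab", ".scr"}
# Subject keywords matching the lures the advisory describes (lower-case).
LURE_KEYWORDS = ("order confirmation", "contract", "product inquiry", "order request")


def extension_chain(filename):
    """Return every extension of a filename, outermost last: 'a.pdf.scr' -> ['.pdf', '.scr']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def assess_attachment(filename):
    """Classify one attachment filename. Returns (verdict, reason)."""
    exts = extension_chain(filename)
    if not exts:
        return ("review", "no extension")
    final = exts[-1]
    if final in CAMPAIGN_EXTENSIONS:
        if len(exts) > 1:
            # e.g. 'Order_Confirmation.pdf.scr': a document-looking name hiding an executable type
            return ("block", f"double extension ending in {final}")
        return ("block", f"campaign file type {final}")
    return ("allow", f"extension {final} not in campaign list")


def triage_message(raw):
    """Parse a raw RFC 5322 message and return a triage summary dict."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    lure_subject = any(k in subject.lower() for k in LURE_KEYWORDS)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, reason = assess_attachment(name)
        findings.append({"name": name, "verdict": verdict, "reason": reason})
    # Overall verdict is the worst verdict of any attachment.
    worst = "allow"
    if any(f["verdict"] == "review" for f in findings):
        worst = "review"
    if any(f["verdict"] == "block" for f in findings):
        worst = "block"
    return {
        "subject": subject,
        "lure_subject": lure_subject,
        "attachments": findings,
        "verdict": worst,
    }


def build_sample():
    """Constructed sample resembling the lure; not a real campaign email."""
    msg = EmailMessage()
    msg["From"] = "sales@example.invalid"
    msg["To"] = "marketing@example.invalid"
    msg["Subject"] = "Order Confirmation #10481"
    msg.set_content("Please find attached the order confirmation.")
    msg.add_attachment(b"placeholder bytes, not a real file",
                       maintype="application", subtype="octet-stream",
                       filename="Order_Confirmation.pdf.scr")
    msg.add_attachment(b"placeholder bytes, not a real file",
                       maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_string()


if __name__ == "__main__":
    result = triage_message(build_sample())
    print(result["verdict"], result["lure_subject"])
    for f in result["attachments"]:
        print(f"  {f['name']}: {f['verdict']} ({f['reason']})")
```

The check deliberately looks at the whole extension chain rather than only the last suffix, so a document-looking name that ends in an executable type is called out separately from a bare .scr; in a real gateway the "block" verdict would also apply to the container types (.iso, .cab) listed above, which this example treats the same way because they appear in the campaign list.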

Behavior

  • Steals account information stored by various installed File Transfer Protocol (FTP) clients and file manager software
  • Steals email credentials stored by various mail clients
  • Collects stored information such as user names, passwords, and hostnames from various browsers
  • Brute-forces local accounts using an acquired password list
  • Replicates the mutexes of other Remote Desktop Protocol (RDP) utilities to mask its execution in the background, then deletes itself after execution
  • Downloads additional malware payloads

Capabilities

  • Information Theft
  • Download Routine

Impact

  • Violation of user privacy - gathers user credentials and steals user information

Infection Routine

[Figure: Fareit Infection Details]

Spam Message Sample

[Figure: Sample spam message]

File Reputation

  • Detection:
    • TrojanSpy.Win32.FAREIT.SMS.hp
    • TrojanSpy.Win32.FAREIT.TIOIBOCTK
    • Trojan.Win32.FAREIT.UHBAZCJ
    • Trojan.W97M.FAREIT.AM
    • Trojan.BAT.FAREIT.AC
  • Pattern Version: ENT OPR 15.255.00
  • Release Date: July 24, 2019

Predictive Learning Machine

  • Detection: BKDR.Win32.TRX.XXPE50FFF031
  • Pattern Branch: In-the-cloud

Behavior Monitoring

  • URL: URL Protection
  • Pattern Branch: In-the-cloud

Antispam

  • Pattern Version: AS Pattern 4798
  • Release Date: July 25, 2019

Solution Map: What to do?

Product | Latest Version | Virus Pattern | Antispam | Network Pattern | Behavior Monitoring | Predictive Learning Machine | Web Reputation
Apex One | 2019 | Update pattern via web console | N/A | N/A | Enable Behavior Monitoring and update pattern via web console | Enable Predictive Machine Learning | Enable Web Reputation Service and update pattern via web console
OfficeScan | XG | | | | | |
Worry-Free Business Security | Standard (10.0), Advanced (10.0) | Update pattern via web console | | | | |
Deep Security | 12.0 | Update pattern via web console | N/A | | | |
Deep Discovery Email Inspector | 3.5 | Update pattern via web console | Update pattern via web console | N/A | N/A | |
InterScan Messaging Security | 9.1 | | | | | |
InterScan Web Security | 6.5 | | | | | |
Deep Discovery Inspector | 5.5 | | | | | |

Blank cells have no separate entry in the source table.

Recommendation

Threat Report

Blogs

Category: Troubleshoot; Remove a Malware / Virus; SPEC
Solution Id: 1118407