HackTool:Win32/Mailpassview is a freeware tool that is used to display passwords for a number of email applications.
It has a graphical user interface (GUI), but can be run without being displayed to the affected user by utilizing command line switches to save the captured password information to various formats. It can show passwords for the following email applications:
A configuration file named <filename>.cfg is dropped in the folder the program runs from, f
Mailpv.exe would drop Mailpv.cfg.
An image of the tool is shown below:
In the wild, we have observed HackTool:Win32/Mailpassview
being used by Trojan:Win32/Nedsym
in order to steal passwords from affected users.
Analysis by Michael Johnson
Alerts from your security software may be the only symptom.