PWS:Win32/Ldpinch.QZ is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.OG is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

WinNT/Ldpinch is a rootkit driver that is dropped by some variants of Win32/Ldpinch.

 

Win32/Ldpinch is a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.

PWS:Win32/Ldpinch.VA is a password-stealing trojan that masquerades as a tool to bypass Microsoft Windows Vista authentication. The trojan steals usernames, passwords and other data, and installs a backdoor on the impacted system. PWS:Win32/Ldpinch.VA will either use an existing FTP server, if found, or create its own FTP server and send the account details to the attacker. PWS:Win32/Ldpinch.VA also creates a proxy server and establishes a remote shell on the infected system, providing remote attackers the ability to create, download, upload, rename, and execute files.

Win32/Ldpinch is a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.

PWS:Win32/Ldpinch.HK is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.M is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.QP is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.UN is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.IA is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.TN is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

PWS:Win32/Ldpinch.IF is a member of Win32/Ldpinch - a family of trojans that steals sensitive information from affected machines and sends it to a remote attacker. In particular, Ldpinch variants target passwords for a comprehensive selection of FTP, chat and e-mail clients, as well as those stored by browsers and in protected storage.

WinNT/Ldpinch is a rootkit driver that is dropped by some variants of the greater Win32/Ldpinch family.

 

Win32/Ldpinch is a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.

PWS:Win32/OnLineGames.FT is detection for a trojan that steals user data related to online games, including program registration keys, passwords, keystrokes and other related information.

This threat is a backdoor trojan with the following components:

• Web shell command-and-control (C2) client binary
• Text-based Web shell payload (server component)

A trojan might steal your personal information, download more malware, or give a malicious hacker access to your device.

For information about this trojan and other human-operated malware campaigns, read these blog posts: 

• Flax Typhoon using legitimate software to quietly access Taiwanese organizations
• Analysis of Storm-0558 techniques for unauthorized email access
• Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

TrojanDropper:Win32/Ldpinch is a trojan that drops or installs a copy of Win32/Ldpinch, a password-stealing trojan. This trojan gathers private user data, such as passwords, from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user's e-mail client.