Magania is a large family of login/password stealing trojans that are reportedly made in China.

These trojans can usually be found in e-mails, that are spammed by hackers. An infected e-mail typically contains a single executable file attachment. In most cases such an attachment is a self-extracting RAR archive that contains at least one more embedded archive. In one of these archives there's always a Magania trojan sample.

Once an infected attachment is run, it usually displays an image as a decoy. At the same time the trojan's payload is activated. The trojan installs itself to the system by copying itself to one of the Windows subfolders or to the Windows System folder. It then drops a DLL file that represents the main spying component. The trojan registers the dropped DLL as a component of Internet Explorer, so it always has access to the Internet and can monitor URLs that are visited in the browser.

The main purpose of the trojan is to steal logons and passwords from users who play on-line games, provided by Gamania.

With the stolen information a hacker can logon onto a game using the stolen credentials and manipulate someone's game character. For example, the hacker can transfer valuable items that someone's character possesses to a secret location, where they can be picked up by another character, played by the hacker. Some hackers sell the stolen information to the highest bidder. It should be noted that some on-line games allow users to sell their character's possessions for real cash, so the motivation behind the creation of such trojans is to steal virtual goods and to convert those goods into real-world cash.

Last update 07 September 2007

 

TOP