Home / malwarePDF  


First posted on 23 April 2020.
Source: Microsoft

Aliases :

There are no other names known for PWS:Win32/Ceekat.gen!A.

Explanation :

Win32/Ceekat is a collection of trojans that steal information such as passwords for online games. Generally they can do this by reading information directly from running processes in memory. The processes each Ceekat variant targets are very specific, and may be associated with any number of applications, and not necessarily limited to online games.   Ceekat can also inject code into Internet Explorer's process to hook the functions send and sendto, and intercept information sent via IE to particular URLs. For example, one variant intercepts passwords sent through a 'change password' form located on the sde.sohu.com domain Once Ceekat has captured these details, it transmits them to a remote server via HTTP POST. Some variants of Ceekat may download and execute other malware.  Analysis by Hamish O'Dea

Last update 23 April 2020