<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img class="alignnone size-full wp-image-2591" src="http://cdn2.hubspot.net/hubfs/2548414/Imported_Blog_Media/pony.jpg" alt="pony" width="350" height="297"></p> <p>Fareit, also known as Pony, is a data-stealing Trojan that can decrypt or unlock passwords for over <a href="https://www.knowbe4.com/pony-stealer">110 different applications</a>, including VPN, FTP, email, instant messaging, web browsers and much more. It is also capable of stealing a victim’s bitcoin wallets. Once it has collected its victim’s data, Fareit uploads the stolen credentials to a remote Command and Control (C2) server that the criminal has access to. Fareit is very dangerous because an infected computer can become part of a botnet, which the malware can then use to infect other devices.</p> <!--more--><p>A typical attack is executed using a phishing email containing a malicious attachment. One of the most concerning aspects of Fareit/Pony is that its source code is fully available and free to download online, meaning that anyone with the correct level of knowledge and motivation could use it to set up a botnet.</p> <p>Detected as early as <a href="https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS:Win32/Fareit.A">2011</a>, Fareit is not a new threat. It started as a malware downloader and has evolved into its current form over time. Recently, Fareit has spread through spam email campaigns using MIME HTML files, which are generally used to archive webpages.</p> <p>ThreatSTOP customers are protected from Fareit/Pony if they have TS Crit targets enabled in their policies.</p></span>