Fareit

Also known as: Pony, Pony Stealer, Siplog, Fareit Stealer, Fareit Trojan

Category: Trojan

Type: Information stealer

Platform: Windows (primary), Linux and macOS (less common)

Variants: Win32/Fareit, Trojan.PWS.Pony, JS_DLOADR.JBNZ, TSPY_FAREIT, PDF_FAREIT.AK, JS_DLOAD.CRYP, PDF_FAREIT.BYX, TSPY_FAREIT.YOI, TROJ_CRYPWAL.YOI, TrojanSpy.Win32.FAREIT.TBCXQ, TrojanSpy.Win32.FAREIT.UHBAZCLIM, TrojanSpy.Win32.FAREIT.TBCXD, TrojanSpy.Win32.FAREIT.THDBEBO, TrojanSpy.Win32.FAREIT.TIOIBOCYC, DDoS:Win32/Fareit.gen!A, Fareit.Linux (Linux version), Fareit.Mac (macOS version)

Damage potential: Credential theft, data exfiltration, potential for secondary infections, DDoS attacks, cryptocurrency theft, leaked banking credentials.

Overview

Fareit, also known as Pony or Pony Stealer, is a sophisticated infostealer trojan that captures stored login credentials and other sensitive information from Windows systems. It can evade security measures such as antivirus software and intrusion detection mechanisms by injecting itself into running processes, which makes Fareit hard to detect and remove.

Typically, Fareit hides in phishing emails, malicious attachments, and compromised websites. Once it gets into a system, it scans web browsers, FTP clients, email clients, and other applications for stored credentials. The stolen information is then transmitted to a remote server controlled by the attacker. This is where the trouble starts — cybercriminals may use your data for further attacks, sell it on the dark web, or exploit it for financial gain.
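The sequence described above (one process reading the credential stores of several applications, then connecting out) can be turned into a detection rule. The following is an added example, not part of the original page: the event format, field names, thresholds and sample events are assumptions, and Chrome, Firefox, Thunderbird and FileZilla stand in as representative browser, email and FTP clients with their default store locations.

```python
import re
from collections import defaultdict

# Credential stores of common clients and the process expected to read each one.
CRED_STORES = [
    (re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.I), "chrome.exe"),
    (re.compile(r"\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I), "firefox.exe"),
    (re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I), "thunderbird.exe"),
    (re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I), "filezilla.exe"),
]
WINDOW = 300    # seconds between store read and connection (assumed threshold)
MIN_STORES = 2  # distinct foreign stores before alerting (assumed threshold)

def foreign_store(ev):
    """Return the path if ev reads a credential store its process does not own."""
    exe = ev["image"].rsplit("\\", 1)[-1].lower()
    for pattern, owner in CRED_STORES:
        if pattern.search(ev["target"]) and exe != owner:
            return ev["target"]
    return None

def detect(events):
    """Alert when one process reads several foreign stores, then connects out."""
    reads, alerts = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "file_read" and foreign_store(ev):
            reads[key].append((ev["ts"], ev["target"]))
        elif ev["type"] == "net_connect":
            recent = {p for ts, p in reads[key] if ev["ts"] - ts <= WINDOW}
            if len(recent) >= MIN_STORES:
                alerts.append({"host": ev["host"], "pid": ev["pid"], "image": ev["image"],
                               "dest": ev["target"], "stores": sorted(recent)})
                reads[key].clear()
    return alerts

def E(ts, pid, typ, image, target):  # helper to build a constructed event
    return {"ts": ts, "host": "ws1", "pid": pid, "type": typ, "image": image, "target": target}

# Constructed sample telemetry, not real data. 203.0.113.0/24 is a documentation range.
A = r"C:\Users\alice\AppData"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPED = A + r"\Local\Temp\invoice.exe"  # hypothetical unknown binary
SAMPLE = [
    E(100, 41, "file_read", CHROME, A + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    E(105, 41, "net_connect", CHROME, "203.0.113.5:443"),
    E(200, 77, "file_read", DROPPED, A + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    E(202, 77, "file_read", DROPPED, A + r"\Roaming\Mozilla\Firefox\Profiles\ab12.default\logins.json"),
    E(203, 77, "file_read", DROPPED, A + r"\Roaming\FileZilla\recentservers.xml"),
    E(210, 77, "net_connect", DROPPED, "203.0.113.10:80"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Requiring several distinct stores keeps a browser reading its own database, or a tool touching a single file, from raising an alert. File-read telemetry has to come from an EDR agent or object-access auditing, since it is not logged by default on Windows.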

In addition to stealing credentials, Fareit can also hijack your system and turn it into part of a botnet. That means the device could end up sending spam or spreading more infections.

Possible symptoms

Fareit may silently run in the background without showing any apparent symptoms. However, take immediate action if you notice any of the following signs.

  • Unusually slow system performance or unexpected crashes.
  • Unfamiliar network activity and outbound connections.
  • Unauthorized activity in online accounts and unusual login attempts.
  • Random services running on the system.
  • Changes in browser settings that you didn’t initiate.

Sources of infection

Like similar Trojans, Fareit infects systems through malicious attachments in phishing emails and instant messages. Users unknowingly download the trojan by clicking on these malicious attachments or links. In addition to emails, users often download Fareit bundled with software from compromised websites hosting exploit kits. It may also hide in malicious ads or drive-by downloads.

Protection

Knowing which countermeasures prevent Fareit from infecting your device can save you some trouble. Follow the steps below to protect your system:

  • Protect your email. Filter your emails to keep phishing emails away from your inbox and avoid malicious attachments.
  • Keep your software up to date. Patch your software and apps against known vulnerabilities by installing the latest updates.
  • Use strong passwords. Create unique and complex passwords containing upper- and lower-case letters, along with numbers and special characters.
  • Get reputable security software. Set up firewalls and purchase trustworthy antivirus software and anti-malware solutions.
  • Use Threat Protection Pro™. Get NordVPN along with Threat Protection Pro™ which will scan your downloads for malware.

Removal

If you notice weird system behavior and suspect your computer has been infected with Fareit, immediately run an antivirus scan and remove the trojan.

The malware may persist. If it does, disconnect your machine from the network and restart it in safe mode to prevent Fareit from loading. Open Task Manager and turn off suspicious programs running in the background. Then, search for the Fareit registry entries and delete them. Finally, restart the computer and scan it again to ensure the malware is gone for good.