Also known as: Trojan-PWS, Trojan-PSW
Category: Malware
Type: Trojan
Platform: Windows (32-bit)
Damage potential: Stolen passwords, unauthorized account access, data theft, further malicious downloads, file manipulation, and damage
Overview
PSW.Stealer is a computer trojan that steals passwords and other sensitive information from Windows operating systems. Typically, the trojan steals online banking information (e.g., login credentials), port numbers, IP addresses, or system certificates. Additionally, PSW.Stealer can monitor browsing activity, install malicious software, or change system files.
Possible symptoms
PSW.Stealer is designed to operate without being detected, but it does have several possible symptoms. The most common sign of a PSW.Stealer infection is sluggish system performance, especially during startup
Other possible signs of a PSW.Stealer infection include:
- Programs taking unusually long times to load, start, or respond.
- Unexpectedly turned off security software.
- Unexpected system crashes, freezes, and restarts.
- Unauthorized network activity, like increased data usage.
- Suspicious pop-ups and redirects to unfamiliar websites.
- Modified browser settings, like your default search engine or homepage.
- Unusual hard drive activity (like when you’re not using the computer).
- Disabled system utilities (e.g., task manager or registry editor).
Sources of the infection
PSW.Stealer is often distributed as part of a trojan dropper — a program designed to silently deliver and install trojans on the victim’s machine. Trojan droppers can reach the victim’s device in several ways, such as phishing emails, infected downloads, or malicious websites.
Common ways PSW.Stealer may infect your device:
- Social engineering attacks. Attackers may spread PSW.Stealer by tricking users into downloading and running malware.
- Drive-by downloads. PSW.Stealer may exploit security vulnerabilities in the user’s browser to install malware.
- File-sharing networks. PSW.Stealer may spread when users unknowingly share infected files on peer-to-peer (P2P) networks.
Protection
You can minimize your chances of a PSW.Stealer infection by taking several security precautions.
- Regularly update your software. Attackers often exploit security vulnerabilities to install PSW.Stealer on your device. Software updates often patch up these vulnerabilities, so update your systems as soon as you can.
- Browse responsibly. Don’t click on suspicious links, visit dubious websites or download anything from unofficial sources. If you get a prompt to download or execute a program while browsing, decline until you’re sure it’s safe.
- Beware of phishing emails. Attackers often use emails to spread malware through attachments and malicious links. Be cautious if you receive an email from an unknown sender or even someone you know (especially if their tone seems unusually urgent).
- Use Threat Protection Pro. This advanced NordVPN feature blocks malicious websites, putting a stop to automatic (drive-by) downloads. Additionally, it helps prevent malware infections by scanning the files you download.
- Use a secure password manager. NordPass is a reliable password manager that keeps your passwords and other sensitive information in encrypted virtual storage. Consider using NordPass to increase your password security.
Removal
PSW.Stealer is designed to avoid detection from traditional antivirus software, so removing it may be challenging. You may need to disconnect from the internet and use specialized malware removal software to thoroughly scan and clean your system.