Fareit, also known as Pony, is a data-stealing Trojan that can decrypt or unlock passwords for over 110 different applications, including VPN, FTP, email and instant-messaging clients, web browsers and many more. It is also capable of stealing a victim's bitcoin wallets. Once it has collected its victim's data, Fareit uploads the stolen credentials to a remote Command and Control (C2) server under the criminal's control. Fareit is especially dangerous because an infected computer can be made part of a botnet, allowing the malware's operators to use it to infect other devices.
A typical attack is executed using a phishing e-mail containing a malicious attachment. One of the most concerning aspects of Fareit/Pony is that its source code is fully available and free to download online, meaning that anyone with the right level of knowledge and motivation could use it to set up a botnet.
Detected as early as 2011, Fareit is not a new threat. It started out as a malware downloader but has evolved into its current form over time. Recently, Fareit has spread through spam e-mail campaigns using MIME HTML (MHTML) files, a format generally used to archive web pages.
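As an added defensive example (not ThreatSTOP code and not from the original page), the script below flags e-mail attachments that are MHTML files, the lure format described above, by filename extension, declared content type and a sniff of the payload, so that a renamed archive is still caught; the sample message is constructed inline.

```python
"""Flag e-mail attachments that are MIME HTML (.mht/.mhtml) archives.

Constructed example for mail-gateway or SOC triage; not vendor code.
"""
import email
from email import policy
from email.message import EmailMessage

MHTML_EXTENSIONS = (".mht", ".mhtml")


def mhtml_attachments(raw_message: bytes) -> list[str]:
    """Return names of attachments that are, or claim to be, MHTML files."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename() or ""
        ctype = part.get_content_type()
        if part.is_multipart():
            # A nested multipart/related part is an MHTML archive carried inline.
            if part is not msg and ctype == "multipart/related":
                hits.append(filename or "<inline multipart/related>")
            continue
        by_name = filename.lower().endswith(MHTML_EXTENSIONS)
        # An MHTML file is itself a MIME message, so even a renamed copy
        # starts with its own MIME headers; sniff the first 2 KiB for them.
        head = (part.get_payload(decode=True) or b"")[:2048]
        by_content = b"MIME-Version:" in head and b"multipart/related" in head.lower()
        if by_name or by_content:
            hits.append(filename or "<unnamed>")
    return hits


def build_sample() -> bytes:
    """Constructed sample: one .mht lure, one renamed MHTML, one benign PDF."""
    mhtml_body = (b"MIME-Version: 1.0\r\n"
                  b"Content-Type: multipart/related; boundary=\"x\"\r\n\r\n"
                  b"--x\r\nContent-Type: text/html\r\n\r\n<html>lure</html>\r\n--x--\r\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(mhtml_body, maintype="application", subtype="octet-stream", filename="invoice.mht")
    msg.add_attachment(mhtml_body, maintype="application", subtype="octet-stream", filename="report.bin")
    msg.add_attachment(b"%PDF-1.4 benign", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(mhtml_attachments(build_sample()))
```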
ThreatSTOP customers are protected from Fareit/Pony if they have TS Crit targets enabled in their policies.