“Scammers send out letters with tickets, thereby distributing the Win32 / PSW.Fareit Trojan to steal passwords from browsers and email applications. The potential victim receives an e-mail notification on behalf of the airline Delta Air Lines. The letter says that the ticket to Washington has been successfully paid and can be downloaded from the link”, said the IT security company ESET in a statement.
Clicking on the link, the victim is invited to download a Microsoft Office document that contains a malicious macro. After enabling it, the user activates the process of infection with the Win32 / PSW.Fareit Trojan, which is designed to steal logins and passwords stored in Internet browsers Internet Explorer, Google Chrome, Mozilla Firefox and etc, as well as in applications for working with e-mail Windows Live Mail and Mozilla Thunderbird.
Trojan sends stolen passwords to hackers, then it leaves the system and erases traces of its activity.