FAREIT was discovered in 2012 and has been undergoing changes to bypass anti-virus detection. It is now one of the most successful information stealers deployed in spam campaigns. The source code of the malware has been leaked publicly, enabling cybercriminals to use it in their attack campaigns.
The current FAREIT spam campaign uses emails posing as order confirmations or contracts, product inquiries, and product order requests, sent to marketing officers of different companies. The malicious spam carries attachments with different file extensions, such as .iso, .bat, .com, .cab or .scr. This information stealer sends the data it gathers from its victims to a compromised server.
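A mail-gateway style check for the attachment extensions listed above, as an added example that is not part of the original write-up. The function names, the sample message and its file names are constructed for illustration; the extension list is the one given in the text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Optional

# Attachment extensions named in the campaign description above.
FLAGGED_EXTENSIONS = {".iso", ".bat", ".com", ".cab", ".scr"}


def flagged_extension(filename: str) -> Optional[str]:
    """Return the final extension if it is on the flagged list, else None."""
    # Windows drops trailing dots and spaces from file names, so
    # "order.scr. " is still opened as a .scr file; normalise before checking.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    ext = cleaned[dot:] if dot != -1 else ""
    # Only the last extension counts: "invoice.pdf.scr" is a .scr file.
    return ext if ext in FLAGGED_EXTENSIONS else None


def flagged_attachments(raw: bytes) -> list:
    """Return (filename, extension) for each MIME part with a flagged name."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # decodes RFC 2231 / encoded-word names
        ext = flagged_extension(name) if name else None
        if ext:
            hits.append((name, ext))
    return hits


def build_sample() -> bytes:
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "sales@example.com"
    msg["To"] = "marketing@example.org"
    msg["Subject"] = "Order confirmation"
    msg.set_content("Please see the attached order.")
    for fname in ("Order_Confirmation.pdf.scr", "Contract.ISO", "brochure.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext in flagged_attachments(build_sample()):
        print(f"flagged attachment {name!r} (extension {ext})")
```

A match on the file name alone says nothing about the content, so a filter built this way is best used to quarantine or route messages for inspection.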
Its most common routines include:
It is capable of the following:
FAREIT typically follows the infection chain below: