Riskware/PassView

Analysis

Riskware/PassView is a generic detection for riskware; it is synonymous with Generic PUA or Generic PUP. Because this is a generic detection, files detected as Riskware/PassView may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • Files detected as Riskware/PassView fall under the category of password recovery tools and are classified as greyware.

  • These files may potentially compromise or weaken a user's security by displaying the saved passwords and details from certain applications/programs on the user's computer.

  • Depending on the tool, passwords may be recovered from the following applications/programs:
    • Email Clients:
      • Eudora
      • Gmail
      • IncrediMail
      • Hotmail
      • Mozilla Thunderbird
      • Netscape
      • Outlook
    • Web Browsers:
      • Chrome
      • Firefox
      • Internet Explorer
      • Opera
      • Safari

  • Below are images of the password recovery tools:

    • Figure 1: Password recovery tool for email clients.


    • Figure 2: Password recovery tool for web browser.


    • Figure 3: Password recovery tool for web browser.


  • Following are some of the exact file hashes associated with this detection:

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.


Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date         Version    Detail
2024-03-28   92.02865
2024-03-20   92.02624
2024-03-18   92.02564
2024-03-11   92.02346
2024-03-04   92.02137
2024-03-01   92.02046
2024-02-29   92.02032
2024-02-29   92.02027
2024-02-29   92.02022
2024-02-29   92.02021