The Fareit trojan, first observed in 2014, is primarily an information stealer and a malware downloader: it obtains user credentials and installs additional malware. The Fareit family is mainly associated with malware distribution. The trojan also steals credentials from installed FTP clients, cryptocurrency wallets, and passwords stored in browsers. Fareit is typically spread through spam emails but has also been observed using malicious DNS servers to infect victim machines.


  • April 2014: Fareit trojan spreads Necurs, Zbot, and CryptoLocker. (SC Magazine)
  • March 2015: Fareit trojan uses fake Adobe Flash Player update to infect users. (F-Secure)
  • June 2016: Fareit trojan delivered using fake FedEx delivery email notifications. (InfoSecurity)
  • November 2016: Fareit trojan is using the .mht file extension in malicious email attachments. (Talos)

Technical Details

  • Cisco’s Talos Group provides technical details on the Fareit malware family.

One example of the Fareit variant. Image Source: Talos Group
