What is it?
LDPinch is a family of Windows spyware programs that can steal data via a keystroke logger and tie it to applications such as email, FTP, chat clients and websites. The malware can send the captured data to a website via an HTTP POST or via email messages.
How does it work?
LDPinch typically arrives on a system through a malicious website, an email attachment or shared files. It installs a Trojan DLL that lets it read data being written to and read from the network, giving it access to authentication data. LDPinch can also access applications via their COM interfaces and steal both stored and entered passwords.
Should I be worried?
Most AV software detects common LDPinch variants. However, LDPinch can still pose a threat to organisations because it is easily available, popular, and designed to be extended by its users.
How can I prevent it?
LDPinch uses no exploits to install itself onto a victim's computer; it relies only on social engineering tricks. If files are scanned as they enter the network, via a scanning proxy or a content-scanning mail server, and physical devices are restricted, many of the avenues for LDPinch to propagate are closed. Updated anti-virus tools that scan files on access can also help stop the spread of this malware.