Written in Delphi, ‘OnlineGames.dr’ injects its DLL component into running processes and places an ‘autorun.inf’ file in the root of each drive so that it is activated every time a drive is opened.
Once active, it snoops on user activity, steals confidential account information from unwitting victims and sends it to a remote attacker. In a few cases, the Trojan also posts the stolen information to certain malicious websites. With a virtual game player’s username and password in hand, the Trojan writer can log on to the victim’s account directly and sell off the characters and other goods for real-world money.
This Trojan targets ‘Massively Multiplayer Online Role-playing Games’ (MMORPG), particularly those meant for the Taiwanese audience, such as Gamania and Wowtaiwan. MMORPG is a genre of online computer role-playing games in which a huge number of players interact with each other in a fantasy world. Every participant plays the role of a fantasy character and buys and sells fictional goods online, and players also barter with one another. On many websites, goods and characters can be bought with actual currency, and vice versa.
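The ‘autorun.inf’ placement described above can be checked for directly. The following is an added example, not code from the original description: it parses each drive root’s ‘autorun.inf’ and reports entries that launch a program. The function names and the sample file contents are assumptions constructed for illustration.

```python
import string

# Keys in the [autorun] section that cause Windows to launch a program.
EXEC_KEYS = ("open", "shellexecute")

def decode(data):
    """Decode raw autorun.inf bytes; UTF-16 files carry a BOM, others are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def exec_directives(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue  # skip other sections, comments and junk lines
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in EXEC_KEYS or is_verb):
            found.append((key, value))
    return found

def scan_drive_roots():
    """Map each X:\\autorun.inf that launches a program to its directives."""
    hits = {}
    for letter in string.ascii_uppercase:
        path = letter + ":\\autorun.inf"
        try:
            with open(path, "rb") as fh:
                directives = exec_directives(decode(fh.read(65536)))
        except OSError:
            continue  # drive absent, empty or unreadable
        if directives:
            hits[path] = directives
    return hits

# Constructed sample, not taken from a real infection.
SAMPLE = ("[AutoRun]\r\n; comment\r\nxk29fjq\r\nopen=example.exe\r\n"
          "shell\\open\\Command=example.exe\r\nicon=folder.ico\r\n"
          "[Other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    print(exec_directives(SAMPLE))
    for path, directives in scan_drive_roots().items():
        print(path, directives)
```

Installation media legitimately use `open=`, so a hit matters most on writable volumes such as fixed disks and USB drives, where the referenced file should then be examined.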