Info Stealer

Pony

First seen: 2011 • Status: active

Currently Active Threat

Pony is an old but still popular password stealer whose code was leaked, so many criminals made their own versions.

Overview

Pony is a credential stealer and loader that has been active for over a decade. Its source code leak led to numerous variants still used today.

Also Known As

Pony Loader, Fareit

How It Spreads

  • Spam campaigns
  • Exploit kits
  • Drive-by downloads

What It Does

  • Credential theft
  • Cryptocurrency wallet theft
  • Secondary payload delivery
  • FTP credential harvesting

Target Platforms

Windows

Detection Tips

  • Monitor for Pony C2 patterns
  • Check for credential harvesting
  • Analyze loader behavior
  • Review outbound data transfers

MITRE ATT&CK Techniques

T1555, T1005, T1105, T1566

If You're Infected

  1. Remove Pony malware
  2. Reset all credentials
  3. Check for secondary payloads
  4. Secure cryptocurrency wallets

Related Malware

LokiBot, Agent Tesla, AZORult
