Riskware/PassView is a generic detection for a riskware, this is synonymous to Generic PUA or Generic PUP. Since this is a generic detection, riskware that are detected as Riskware/PassView may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • Files detected as Riskware/PassView fall under the category of password recovery tools and is classified as greyware.

  • These files may potentially compromise or weaken a user's security by displaying the saved passwords and details from certain applications/programs on the user's computer.

  • Depending on the tool, passwords may be recovered from the following applications/programs:
    • Email Clients:
      • Eudora
      • Gmail
      • IncrediMail
      • Hotmail
      • IncrediMail
      • Mozilla Thunderbird
      • Netscape
      • Outlook
    • Web Browsers:
      • Chrome
      • FireFox
      • Internet Explorer
      • Opera
      • Safari

  • Below are images of the password recovery tools:

    • Figure 1: Password recovery tool for email clients.

    • Figure 2: Password recovery tool for web browser.

    • Figure 3: Password recovery tool for web browser.

  • Following are some of the exact file hashes associated with this detection:
    • Md5: 3e81668df5b7ae38fb883663020454fe
      Sha256: e61bf9bd369c8de2cf56b331b03d14773accc2857c7d52d325c1bf727c7f61ae
    • Md5: 64ce7b9de8918df073c22143a971ef9d
      Sha256: 700c053da68ba071145672e2ddba2a6189e14912ab0501f6bd5108dbdbab6eb4
    • Md5: 1258a816dcd08b85895aecf7140ed2da
      Sha256: 38929e3bf6c539a0c27e6fa10d63168bbbbe551c5b396fb06bc7a4513336f6e3

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

Extended black-background-switch-icon
FortiClient black-background-switch-icon
FortiMail black-background-switch-icon
FortiSandbox black-background-switch-icon
FortiWeb black-background-switch-icon
Web Application Firewall black-background-switch-icon
FortiIsolator black-background-switch-icon
FortiDeceptor black-background-switch-icon
FortiEDR black-background-switch-icon

Version Updates

Date Version Detail
2023-11-25 91.09126
2023-11-21 91.09001
2023-11-20 91.08980
2023-11-16 91.08845
2023-11-14 91.08800
2023-11-13 91.08766
2023-11-05 91.08525
2023-11-03 91.08475
2023-10-31 91.08373
2023-10-24 91.08167