{
  "family": "ldpinch",
  "sample_count": 38,
  "category": "unknown",
  "description": "LdPinch is a password-stealing trojan that specifically targets stored credentials in popular Windows applications including instant messaging clients, email clients, browsers, and dial-up connection settings. In the EMBER 2018 dataset, LdPinch represents a significant credential theft threat, particularly targeting Russian-speaking users and platforms. It transmits stolen credentials to C2 servers via HTTP and email, and uses registry modifications for persistence.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "win32.ldpinch",
    "pinch",
    "pinch_stealer",
    "ldpinch.a",
    "ldpinch.b"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is LdPinch?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "LdPinch (also known as Pinch) is a password-stealing trojan that extracts stored credentials from browsers, email clients, instant messaging applications, and system connection settings. It has been particularly prevalent targeting Russian-language applications and users, transmitting stolen credentials to attacker email addresses or HTTP servers."
      }
    },
    {
      "@type": "Question",
      "name": "What applications does LdPinch target?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "LdPinch targets a wide range of applications including Internet Explorer, Firefox, Opera, The Bat! (email), Outlook Express, ICQ, Miranda, various FTP clients, and Windows stored credentials. Older variants specifically targeted Russian-language applications popular in Eastern European markets."
      }
    },
    {
      "@type": "Question",
      "name": "How does LdPinch spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "LdPinch is distributed through malicious email attachments, pirated software from underground forums, and social engineering attacks via instant messaging. It was particularly prevalent in Eastern European underground markets where it was sold as a builder toolkit."
      }
    },
    {
      "@type": "Question",
      "name": "How do I remove LdPinch?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Remove LdPinch with anti-malware tools and immediately change all passwords from a clean device. If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1555.003",
    "T1539",
    "T1552.001",
    "T1041",
    "T1547.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-06-08"
}