Ldpinch

Category: unknown · Aliases: win32.ldpinch, pinch, pinch_stealer, ldpinch.a, ldpinch.b · Sample count (EMBER 2018): 38 · Enrichment: hand-curated · Updated: 2026-06-08

Overview

LdPinch is a password-stealing trojan that specifically targets stored credentials in popular Windows applications including instant messaging clients, email clients, browsers, and dial-up connection settings. In the EMBER 2018 dataset, LdPinch represents a significant credential theft threat, particularly targeting Russian-speaking users and platforms. It transmits stolen credentials to C2 servers via HTTP and email, and uses registry modifications for persistence.

Known aliases

Threat reports may refer to this family under multiple names:

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1555.003 T1539 T1552.001 T1041 T1547.001

Frequently Asked Questions

What is LdPinch?

LdPinch (also known as Pinch) is a password-stealing trojan that extracts stored credentials from browsers, email clients, instant messaging applications, and system connection settings. It has been particularly prevalent targeting Russian-language applications and users, transmitting stolen credentials to attacker email addresses or HTTP servers.

What applications does LdPinch target?

LdPinch targets a wide range of applications including Internet Explorer, Firefox, Opera, The Bat! (email), Outlook Express, ICQ, Miranda, various FTP clients, and Windows stored credentials. Older variants specifically targeted Russian-language applications popular in Eastern European markets.

How does LdPinch spread?

LdPinch is distributed through malicious email attachments, pirated software from underground forums, and social engineering attacks via instant messaging. It was particularly prevalent in Eastern European underground markets where it was sold as a builder toolkit.

How do I remove LdPinch?

Remove LdPinch with anti-malware tools and immediately change all passwords from a clean device. If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Need help with an active incident? If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/ldpinch.json

About this catalog

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.