Beware Fickle Stealer: The Rust-Based Malware Wreaking Havoc on Your Data Security
Fortinet FortiGuard Labs has identified a new piece of malware, Fickle Stealer, that uses various attack chains to harvest sensitive information. This Rust-based stealer uses PowerShell scripts to bypass User Account Control (UAC) and targets data from crypto wallets, web browsers, and popular applications like Skype and Discord.

Hot Take:
Move over, Ocean’s Eleven! We’ve got a new heist crew in town, and they’re armed with PowerShell scripts and packing JSON strings. This is one data-stealing drama with more plot twists than a soap opera!

Key Points:
– **Fickle Stealer**: A Rust-based malware targeting sensitive information from compromised hosts.
– **Distribution Methods**: Delivered through a VBA dropper, a VBA downloader, a link downloader, and an executable downloader.
– **PowerShell Trickery**: Uses PowerShell scripts to bypass User Account Control (UAC) and to report victim data to a Telegram bot.
– **Stealth Mode**: Employs anti-analysis checks and exfiltrates data in JSON format.
– **Target Rich Environment**: Goes after crypto wallets, popular web browsers, and applications like AnyDesk, Discord, and Telegram.