Hackers are increasingly using stealers like Fickle Stealer to steal login credentials, financial data, and other sensitive information from infected computer systems. Fickle Stealer, a sophisticated Rust-based malware, has been actively targeting Windows machines, as recently discovered by cybersecurity researchers at Fortinet. This malware is delivered through various methods, including VBA droppers and executable downloaders, and evades detection through innovative techniques like code injection and communication via Telegram.
Once installed, Fickle Stealer initiates anti-analysis checks, detects debuggers, and gathers system information. It creates a folder in the Temp directory, copies itself, and communicates with its command-and-control (C2) server. The server responds with an encrypted target list, guiding the malware to steal data from specific crypto wallets, plugins, file extensions, and paths. The stolen data is then compressed, encoded in a JSON format, and exfiltrated to the C2 server.
Fickle Stealer’s ability to adapt and update its target list makes it a significant threat, as it can continuously evolve and target new applications. It searches for sensitive data in common installation directories and receives frequent updates from its C2 server, enabling it to stay ahead of traditional security measures. This emphasizes the need for robust security solutions to monitor and protect against such advanced threats.
To mitigate the risks posed by Fickle Stealer, Fortinet recommends regularly updating detection systems, educating users about the dangers of downloading unapproved software, and implementing strict security controls. By doing so, organizations can better protect themselves against these evolving threats and ensure the safety of their sensitive data. Fortinet’s findings highlight the importance of staying vigilant and proactive in the ever-changing landscape of cybersecurity.
Reference:
