FickerStealer is a new infostealer threat offered as MaaS (Malware-as-a-Service) on underground hacker forums. The threat was posted by a user going under the account name 'Ficker.' According to the post, FickerStealer is written in Rust with Assembly language. The server-side panel that any potential 'clients' can use to control the threat was created using Rust for the backend and React for the frontend. The threat is advertised as being executed entirely in memory, minimizing the traces it leaves on the targeted computer system. The creators also claim to have built the threat from scratch without any code appropriation from other malware.
If the description can be believed, FickerStealer can harvest sensitive information from a wide range of sources. It can affect over 40 Web browsers by stealing passwords, credit card details, and form details. Over 15 desktop crypto wallets can also be affected, and the user has the option to include their own targets. Various desktop applications can also have their sessions breached, such as Pidgin, Discord, Steam, Thunderbird, etc. In addition, FickerStealer can obtain data from the Windows Credentials Manager and from FTP clients such as FileZilla and WinSCP, harvest system information, take screenshots, and act as a universal grabber. The threat is capable of running on all Windows versions ranging from XP to Windows 10.
FickerStealer is offered in a tiered system, depending on how much access potential clients want to the threat and for how long. Prices begin at $90 for a single week and ramp up to $900, which provides six months of service.