Fickle Stealer
Fickle Stealer, a newly identified information stealer written in Rust, has been observed infiltrating systems through several attack chains. Its primary objective is to harvest sensitive information from compromised machines.
Researchers have identified four distribution methods for Fickle Stealer: a VBA dropper, a VBA downloader, a link downloader and an executable downloader. Some of these chains use a PowerShell script to bypass User Account Control (UAC) and launch the malware. This script, seen under the names 'bypass.ps1' or 'u.ps1', also periodically sends victim details such as country, city, IP address, operating system version, computer name and username to a Telegram bot controlled by the attacker.
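The behaviour just described (a PowerShell script named bypass.ps1 or u.ps1 that reports victim details to a Telegram bot on a timer) is something a detection engineer can hunt for in endpoint telemetry. The block below is an added example, not code from the report or from the malware: it flags a process whose command line references one of the suspect script names and that connects to the Telegram Bot API host (api.telegram.org, where bot traffic goes), and separately flags any non-browser process that beacons to that host at a near-constant interval. The event shape, the timestamps, the browser allowlist and the 10% jitter threshold are assumptions constructed for the demo.

```python
"""Added detection example (not from the report): suspect PowerShell script names
plus beaconing to the Telegram Bot API, run over constructed Sysmon-like events."""
import re
import statistics
from datetime import datetime, timedelta

# Script names reported for the UAC-bypass / victim-reporting stage.
SUSPECT_SCRIPTS = re.compile(r'(?:^|[\\/\s\'"])(?:bypass|u)\.ps1\b', re.IGNORECASE)
# Telegram bot traffic goes to this host; the bot token sits in the URL path.
TELEGRAM_BOT_API = "api.telegram.org"
# Assumption: an interactive browser talking to the bot API is not a beacon.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "vivaldi.exe"}

T0 = datetime(2024, 6, 20, 9, 0, 0)  # constructed base timestamp for the demo


def at(*offsets_s):
    """Timestamps at the given second offsets from T0."""
    return [T0 + timedelta(seconds=s) for s in offsets_s]


def _ev(offset_s, **fields):
    return {"ts": at(offset_s)[0], **fields}


SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    _ev(0, type="process", pid=4120, image="powershell.exe",
        cmdline=r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\Public\u.ps1"),
    _ev(1, type="process", pid=5000, image="powershell.exe",
        cmdline=r"powershell.exe -NoProfile Get-ChildItem C:\Logs"),
    _ev(2, type="process", pid=6000, image="chrome.exe", cmdline="chrome.exe"),
    _ev(3, type="process", pid=7000, image="python.exe",
        cmdline=r"python.exe C:\bots\status_bot.py"),
    # pid 4120 reports in roughly every five minutes with a few seconds of jitter
    *[_ev(t, type="net", pid=4120, dest_host=TELEGRAM_BOT_API, dest_port=443)
      for t in (5, 305, 607, 905, 1206)],
    _ev(40, type="net", pid=6000, dest_host=TELEGRAM_BOT_API, dest_port=443),
    _ev(50, type="net", pid=5000, dest_host="example.com", dest_port=443),
    # a legitimate bot (assumed) polling exactly once a minute
    *[_ev(t, type="net", pid=7000, dest_host=TELEGRAM_BOT_API, dest_port=443)
      for t in (10, 70, 130, 190)],
]


def is_periodic(timestamps, min_samples=3, max_jitter=0.1):
    """True when the gaps between sorted timestamps are nearly constant
    (coefficient of variation below max_jitter), i.e. a timer-driven beacon."""
    ts = sorted(timestamps)
    if len(ts) < min_samples:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return False
    return statistics.pstdev(gaps) / mean < max_jitter


def detect(events):
    """Return (severity, pid, reason) tuples for processes talking to the bot API."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    conns = {}
    for e in events:
        if e["type"] == "net" and e["dest_host"] == TELEGRAM_BOT_API:
            conns.setdefault(e["pid"], []).append(e["ts"])
    alerts = []
    for pid, times in sorted(conns.items()):
        proc = procs.get(pid, {})
        cmdline = proc.get("cmdline", "")
        image = proc.get("image", "").lower()
        if SUSPECT_SCRIPTS.search(cmdline):
            alerts.append(("high", pid,
                           f"suspect script name in command line, {len(times)} "
                           f"connection(s) to {TELEGRAM_BOT_API}: {cmdline}"))
        elif image not in BROWSERS and is_periodic(times):
            gap = (max(times) - min(times)).total_seconds() / (len(times) - 1)
            alerts.append(("medium", pid,
                           f"{image or 'unknown image'} beacons to {TELEGRAM_BOT_API} "
                           f"every ~{gap:.0f}s; review the process"))
    return alerts


if __name__ == "__main__":
    for sev, pid, reason in detect(SAMPLE_EVENTS):
        print(f"[{sev}] pid={pid} {reason}")
```

On the sample data the script-name rule fires at high severity for pid 4120 and the periodicity rule fires at medium for the assumed status bot (pid 7000), while the single browser request and the PowerShell session that never contacts the bot API produce nothing. The script-name match is the precise indicator from the report; the periodicity rule is the broader, noisier catch for the same technique under a renamed script and needs an allowlist in a real environment.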
The Fickle Stealer Can Compromise a Wide Range of Sensitive Data
The Fickle Stealer payload is protected by a packer and uses anti-analysis checks to detect sandbox and virtual machine environments. Once those checks pass, it contacts a remote server and transmits the collected data in JSON format.
Similar to other malware variants, the Fickle Stealer focuses on extracting information from various sources such as cryptocurrency wallets, Web browsers using Chromium and Gecko engines (e.g., Google Chrome, Microsoft Edge, Brave, Vivaldi, Mozilla Firefox), and applications like AnyDesk, Discord, FileZilla, Signal, Skype, Steam and Telegram.
It is programmed to target files with extensions like .txt, .kdbx, .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .odp, and wallet.dat for exfiltration.
Moreover, Fickle Stealer searches the parent directories of commonly used installation paths for sensitive files, so collection is not limited to the application folders themselves. It also receives updated instructions from the server, which lets the operators adjust what it collects after infection.
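A practical way to understand the "parent directories of installation paths" scope is to audit a user profile with the same target list and see what such a stealer would actually collect. The block below is an added exposure-audit example, not code from the report or from the malware: it takes a list of install directories, derives their parent directories as search scopes (dropping any scope nested inside another so nothing is walked twice), and returns every file matching the extension list quoted above or named wallet.dat. The install paths, the depth bound and the sample profile tree are assumptions constructed for the demo; the report's real list of install paths is not given on this page.

```python
"""Added exposure-audit example (not from the report): enumerate the files a
stealer with this target list would collect from the parent directories of a
set of install paths. The sample tree and install paths are constructed."""
import os
import tempfile
from pathlib import Path

# Extensions and file names quoted in the write-up.
TARGET_EXTENSIONS = {".txt", ".kdbx", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
                     ".ppt", ".pptx", ".odt", ".odp"}
TARGET_NAMES = {"wallet.dat"}
MAX_DEPTH = 4  # assumption: bound the walk so a large profile stays cheap to audit


def is_target(path):
    """Match by exact name (wallet.dat) or by extension, case-insensitively."""
    path = Path(path)
    return path.name.lower() in TARGET_NAMES or path.suffix.lower() in TARGET_EXTENSIONS


def search_scopes(install_paths):
    """Parent directory of each install path; a scope nested inside another
    scope is dropped so the same subtree is never walked twice."""
    parents = sorted({Path(p).resolve().parent for p in install_paths},
                     key=lambda p: len(p.parts))  # ancestors are seen first
    scopes = []
    for parent in parents:
        if not any(s == parent or s in parent.parents for s in scopes):
            scopes.append(parent)
    return scopes


def audit(install_paths, max_depth=MAX_DEPTH):
    """Return the sorted set of target files reachable from the search scopes."""
    found = set()
    for scope in search_scopes(install_paths):
        base = len(scope.parts)
        for root, dirs, files in os.walk(scope):  # os.walk does not follow dir symlinks
            root_p = Path(root)
            if len(root_p.parts) - base >= max_depth:
                dirs[:] = []  # prune: do not descend further than max_depth
            found.update(root_p / f for f in files if is_target(root_p / f))
    return sorted(found)


def build_sample_tree():
    """Constructed user-profile layout with placeholder contents; returns its root."""
    root = Path(tempfile.mkdtemp(prefix="fickle-audit-"))
    files = [
        "AppData/Roaming/Bitcoin/wallet.dat",
        "AppData/Roaming/Notepad++/backup/session.txt",    # sibling of an install dir
        "AppData/Roaming/Exodus/exodus.wallet/seed.seco",  # not in the target list
        "AppData/Local/Programs/signal-desktop/Signal.exe",
        "Documents/passwords.kdbx",  # outside every scope for these install paths
        "Documents/report.docx",
    ]
    for rel in files:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample")
    for rel in ("AppData/Roaming/Telegram Desktop", "AppData/Local/SomeApp"):
        (root / rel).mkdir(parents=True, exist_ok=True)
    return root


def sample_install_paths(root):
    """Assumed install directories for the demo (not the report's list)."""
    return [root / "AppData/Roaming/Bitcoin",
            root / "AppData/Roaming/Telegram Desktop",
            root / "AppData/Local/Programs/signal-desktop",
            root / "AppData/Local/SomeApp"]


def relative_hits(root):
    """Audit the tree under root and return hits as forward-slash relative paths."""
    base = root.resolve()
    return [h.relative_to(base).as_posix() for h in audit(sample_install_paths(root))]


if __name__ == "__main__":
    tree = build_sample_tree()
    print("scopes:", [str(s) for s in search_scopes(sample_install_paths(tree))])
    for hit in relative_hits(tree):
        print("would be collected:", hit)
```

With the assumed install paths the audit walks only two scopes (AppData\Roaming and AppData\Local, the latter absorbing AppData\Local\Programs) and reports the wallet.dat plus a .txt file that sits beside an install directory rather than inside it, which is exactly the extra reach the parent-directory search gives the stealer. Files under Documents are untouched here only because none of the assumed install paths has the profile root as its parent; a real list that includes such a path widens the scope accordingly.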
A Stealer Malware Could Have Dire Consequences for Victims
Stealer malware poses significant dangers to its victims because it infiltrates systems silently, gathers sensitive information and transmits it to the attackers. Some specific dangers posed by stealer malware:
- Data Theft: Stealer malware targets sensitive information such as usernames, passwords, financial data (including cryptocurrency wallets), personal documents and other confidential information stored on the victim's system. The stolen data can be used for various harmful purposes, including identity theft, fraud or selling it on the Dark Web.
- Financial Loss: Many stealer malware variants specifically target cryptocurrency wallets and banking credentials. Once these are compromised, attackers can gain access to funds or conduct unauthorized transactions, leading to financial losses for the victim.
- Privacy Violation: The invasion of privacy is a critical concern with stealer malware. It can capture and transmit personal information such as browsing history, chat logs, emails, and other communications. This breach of privacy may have long-lasting consequences for individuals and businesses.
- System Compromise: Stealer malware often opens backdoors or installs additional malicious payloads on infected systems. This can lead to further compromise of the system's security, allowing attackers to gain persistent access, deploy ransomware, or use the compromised system as part of a botnet.
- Business Impact: For businesses, stealer malware can result in significant operational disruptions, reputational damage and legal liabilities. Loss of sensitive corporate data, intellectual property, or customer information can have far-reaching consequences.
- Difficulty in Detection: Stealer malware often employs advanced evasion techniques such as anti-analysis checks, encryption, and obfuscation to avoid detection by anti-malware software and security measures. This can prolong the period of compromise, allowing attackers to continue extracting data unnoticed.
- Social Engineering and Phishing: Some stealer malware variants use harvested information to launch targeted phishing attacks. By leveraging stolen credentials and personal details, attackers can craft convincing phishing emails or messages, increasing the likelihood of further compromises.
Overall, the dangers posed by stealer malware underscore the importance of robust cybersecurity practices, including regular software updates, endpoint protection, user education on phishing awareness, and proactive monitoring for suspicious activities. Rapid detection and response are crucial to mitigating the impact of these sophisticated threats on individuals and organizations alike.