TechRadar
Sead Fadilpašić

New Rust-based malware targets Microsoft Windows, abuses Powershell, and steals sensitive info

Security researchers are warning of a new infostealer that is being distributed through several different methods.

Fickle Stealer uses the usual tactics: it steals sensitive files, system information, browser-stored data, cryptocurrency wallet information, and more. What is somewhat unusual about Fickle Stealer is that it is written in Rust.

"In addition to some popular applications, this stealer searches for sensitive files in parent directories of common installation directories to ensure comprehensive data gathering," security researcher Pei Han Liao said. "It also receives a target list from the server, which makes Fickle Stealer more flexible."

Evading infostealers

Cybersecurity researchers from Fortinet FortiGuard Labs say Fickle Stealer is delivered through four separate distribution methods: a VBA dropper, a VBA downloader, a link downloader, and an executable downloader.

Some of these methods also use a PowerShell script that bypasses User Account Control (UAC). The same script reports system information, including the device's country and city, IP address, operating system version, computer name, and username.

All of this data is exfiltrated to a Telegram bot.
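Exfiltration through a Telegram bot is a useful detection hook: every Bot API call goes to api.telegram.org with the bot token embedded in the URL path, so a proxy or EDR log that records process image and destination URL can flag script hosts or binaries in user-writable directories talking to that endpoint. The following Python is an added example written for this page, not code from Fortinet or from the malware; the log lines, the process paths, the bot tokens and the allowlisted "AlertBridge" integration are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample proxy/EDR log lines, not captured Fickle Stealer traffic.
# Fields: timestamp host process_image method url (image paths may contain spaces).
SAMPLE_LOGS = """\
2024-06-20T09:14:02Z WS-0141 C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe POST https://api.telegram.org/bot1234567890:AAF3kfjd8s7Gh-x9Qp2LmN0oPqRsTuVwXyZ/sendDocument
2024-06-20T09:14:05Z WS-0141 C:\\Program Files\\Mozilla Firefox\\firefox.exe GET https://www.mozilla.org/en-US/
2024-06-20T09:15:11Z WS-0207 C:\\Users\\jdoe\\AppData\\Local\\Temp\\updater.exe POST https://api.telegram.org/bot9876543210:BBGhjk12LmnOpQrStUvWxYz0123456789ab/sendMessage
2024-06-20T09:16:40Z WS-0312 C:\\Program Files\\AlertBridge\\alertbridge.exe POST https://api.telegram.org/bot5555555555:CCdummyTOKENdummyTOKENdummyTOK000/sendMessage
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<image>.+?) (?P<method>GET|POST|PUT) (?P<url>\S+)$"
)

# Telegram Bot API calls carry the bot token in the URL path: /bot<id>:<secret>/<apiMethod>.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<api>[A-Za-z]+)"
)

# Windows script hosts a dropper typically runs under; a browser or mail client is not on this list.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Directories an unprivileged user can write to, where droppers stage their payloads.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
# Hypothetical approved integration that legitimately posts alerts via the Bot API.
ALLOWLISTED_IMAGES = {r"C:\Program Files\AlertBridge\alertbridge.exe"}


@dataclass
class Finding:
    timestamp: str
    host: str
    image: str
    api_method: str
    bot_id: str
    severity: str
    reason: str


def classify(image: str) -> tuple:
    """Return (severity, reason) for a process image that called the Bot API."""
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe in SCRIPT_HOSTS:
        return "high", f"script host {exe} posting to Telegram Bot API"
    if USER_WRITABLE_RE.search(image):
        return "high", "binary in user-writable directory posting to Telegram Bot API"
    return "medium", "unapproved process posting to Telegram Bot API"


def scan(log_text: str) -> List[Finding]:
    """Flag Telegram Bot API calls from processes that have no business making them."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # malformed line; a production parser would count these
        api = BOT_API_RE.match(m["url"])
        if not api or m["image"] in ALLOWLISTED_IMAGES:
            continue
        severity, reason = classify(m["image"])
        # Never copy the bot secret into alert text; the bot_id alone is enough to pivot on.
        findings.append(
            Finding(m["ts"], m["host"], m["image"], api["api"], api["bot_id"], severity, reason)
        )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f.severity}] {f.timestamp} {f.host} {f.image} -> {f.api_method} "
              f"(bot {f.bot_id}): {f.reason}")
```

On the constructed sample the scan raises two high-severity findings (powershell.exe sending a document, and an executable under the user's Temp directory sending a message) and stays quiet on the browser and the allowlisted integration. The bot ID is kept in the finding because it can be correlated across hosts, while the secret half of the token is deliberately dropped so it never lands in a ticket or SIEM alert.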

Next to ransomware, infostealers are among the most popular and most disruptive forms of malware. They give threat actors access to sensitive services such as banking accounts, social media profiles, and corporate platforms. With stolen cryptocurrency wallet data, attackers can import the credentials into their own wallets and drain whatever funds they find there.

Lastly, infostealers give attackers access to people's email inboxes, which can then lead to phishing attacks, impersonation and identity theft, and even ransomware attacks on corporate IT infrastructure.

Securing a device against infostealers is the same as securing it against any other form of malware: do not download and run suspicious files, and double-check every attachment that arrives by email.

Via TheHackerNews
