New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

June 20, 2024 at 04:21AM

A new Rust-based malware, Fickle Stealer, has been observed being delivered through various attack chains to harvest sensitive data. It is spread through several distribution methods and uses a PowerShell script to bypass User Account Control, then exfiltrates the harvested data to a remote server. Fickle Stealer targets information from crypto wallets, web browsers, and applications while also searching for specific file types.

From the meeting notes:

– A new Rust-based information stealer malware called Fickle Stealer has been observed using multiple attack chains to harvest sensitive information from compromised hosts.
– It is delivered through various distribution methods, employing a PowerShell script to bypass User Account Control and execute Fickle Stealer.
– The malware is designed to send victim information to a Telegram bot and exfiltrate data to a remote server in the form of JSON strings.
– Fickle Stealer targets crypto wallets, web browsers, and various applications to gather sensitive files.
– It also performs anti-analysis checks and can receive a target list from the server.
– Additionally, Symantec disclosed details of an open-source Python stealer called AZStealer, which has the functionality to steal a wide variety of information, particularly from Discord, and exfiltrate it through Discord webhooks or Gofile online file storage.
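The two exfiltration channels named above (a Telegram bot and JSON strings posted to a remote server) leave a recognisable shape in egress logs. The following detection sketch is an added example, not code from the article or from any vendor report; it assumes a constructed JSON-lines log format with the originating process, HTTP method, URL and Content-Type, and flags Telegram Bot API calls and JSON POSTs made by script hosts such as PowerShell.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample egress log (not from the article): one JSON object per line.
SAMPLE_LOG = """
{"proc": "chrome.exe", "method": "GET", "url": "https://example.com/", "ctype": ""}
{"proc": "powershell.exe", "method": "POST", "url": "https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage", "ctype": "application/json"}
{"proc": "telegram.exe", "method": "POST", "url": "https://api.telegram.org/botPLACEHOLDER_TOKEN/sendDocument", "ctype": "multipart/form-data"}
{"proc": "powershell.exe", "method": "POST", "url": "https://198.51.100.7/upload", "ctype": "application/json"}
{"proc": "powershell.exe", "method": "GET", "url": "https://www.microsoft.com/", "ctype": ""}
"""

# Telegram Bot API paths always have the form /bot<token>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"^/bot[^/]+/\w+$")

# Script hosts that should not normally be uploading JSON documents anywhere.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def classify(rec):
    """Return the alert tags that apply to one log record (empty list if benign)."""
    tags = []
    url = urlparse(rec["url"])
    proc = rec["proc"].lower()
    # Any endpoint process talking to the Bot API is worth a look: end users
    # talk to Telegram through the client, not through bot tokens.
    if url.hostname == "api.telegram.org" and TELEGRAM_BOT_PATH.match(url.path):
        tags.append("telegram_bot_api")
    # A script host POSTing application/json matches the "JSON strings to a
    # remote server" channel described for Fickle Stealer.
    if proc in SCRIPT_HOSTS and rec["method"] == "POST" \
            and rec["ctype"].startswith("application/json"):
        tags.append("scripthost_json_post")
    return tags


def scan(log_text):
    """Parse JSON-lines log text and return (line_no, process, tags) for each hit."""
    alerts = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        rec = json.loads(line)
        tags = classify(rec)
        if tags:
            alerts.append((line_no, rec["proc"], tags))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Tune `SCRIPT_HOSTS` and the Content-Type check to the environment; the Bot API path match is the more stable of the two signals because the `/bot<token>/` prefix is fixed by Telegram's API design.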
