Multiple attack vectors leveraged to deliver new Fickle Stealer malware

Threat actors have leveraged a VBA downloader, VBA dropper, executable downloader, and link downloader to deploy the novel Fickle Stealer malware, Security Affairs reports.

Attacks with the Rust-based information-stealing payload also involved a PowerShell script meant to evade User Account Control, escalate privileges, and enable data exfiltration activities, according to a report from Fortinet FortiGuard Labs.

Researchers noted that executing Fickle Stealer triggers the delivery of victim information to attacker-controlled servers, along with anti-analysis checks, before the malware proceeds to steal data from AnyDesk, Telegram, Signal, Skype, Discord, Steam, FileZilla, and other apps, as well as plugins, cryptocurrency wallets, and Chromium- and Gecko-based web browsers.

Fickle Stealer also scans the parent directories of installation directories for other sensitive files, and a server-based target list has made its data-gathering capabilities even more versatile.

"Variants receiving an updated list are observed. The frequently updated attack chain also shows that it's still in development," said the report.
