Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

Nittala Sri Manish

August 12, 2021

A new type of information-stealing malware has been discovered and sold on underground Russian forums, which indicates that threat actors are increasingly resorting to exotic programming languages to evade security protections. Dubbed as Ficker Stealer, it is a browser hijacker that lures users to fraudulent landing pages that offer free downloads of popular apps like YouTube Music and Spotify. Ficker is a type of malware that's distributed as a service through underground forums. Its creator offers various paid packages. The Windows-based malware is designed to steal sensitive information, such as usernames and passwords. It works as a tool to gather sensitive files from a compromised machine. Ficker is usually delivered through spam campaigns that involve sending targeted emails with weaponized Excel documents. These emails then contain a Hancitor payload, which injects the final payload. The Ficker digital threat family was discovered in late 2017. It was initially targeted at users who signed up for a free DocuSign account. The malware then used a Windows binary to install it. Once a fake DocuSign document is opened, Hancitor will send a malicious link to a website that contains a sample of Ficker, which can be used to download. Aside from obfuscation techniques, Ficker also uses various anti-analysis checks to prevent it from running on virtual machines and on victim machines located in various countries. The malware can also remotely capture an image of the screen. It also allows the infected person to download additional files and extract data from the victim's computer.

Abridged fromThe Hacker News