Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

https://firewall.firm.in/wp-content/uploads/2024/06/malware.png

Jun 20, 2024NewsroomThreat Intelligence / Cybercrime

Rust-based Malware

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts.

Fortinet FortiGuard Labs said it’s aware of four different distribution methods — namely VBA dropper, VBA downloader, link downloader, and executable downloader — with some of them using a PowerShell script to bypass User Account Control (UAC) and execute Fickle Stealer.

The PowerShell script (“bypass.ps1” or “u.ps1”) is also designed to periodically send information about the victim, including country, city, IP address, operating system version, computer name, and username to a Telegram bot controlled by the attacker.

Cybersecurity

The stealer payload, which is protected using a packer, runs a series of anti-analysis checks to determine if it’s running in a sandbox or a virtual machine environment, following which it beacons out to a remote server to exfiltrate data in the form of JSON strings.

Fickle Stealer is no different from other variants in that it’s designed to gather information from crypto wallets, web browsers powered by Chromium and the Gecko browser engine (i.e, Google Chrome, Microsoft Edge, Brave, Vivaldi, and Mozilla Firefox), and applications like AnyDesk, Discord, FileZilla, Signal, Skype, Steam, and Telegram.

It’s also designed to export files matching the extensions .txt, .kdbx, .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .odp, and wallet.dat.

UAC Bypass and Data Exfiltration

“In addition to some popular applications, this stealer searches sensitive files in parent directories of common installation directories to ensure comprehensive data gathering,” security researcher Pei Han Liao said. “It also receives a target list from the server, which makes Fickle Stealer more flexible.”

The disclosure comes as Symantec disclosed details of an open-source Python stealer called AZStealer that comes with the functionality to steal a wide variety of information. Available on GitHub, it has been advertised as the “best undetected Discord stealer.”

Cybersecurity

“All stolen information is zipped and depending on the size of the archive exfiltrated directly through Discord webhooks or first uploaded to Gofile online files storage and after that exfiltrated via Discord,” the Broadcom-owned company said.

“AZStealer will also attempt the theft of document files with predefined targeted extensions or those having specific keywords such as password, wallet, backup, etc. in the filename.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket