Ficker Malware Tricks People To Get Their Passwords

May 7, 2021

Written by wukovits

Boy working on laptop

Jiri Kropac, the head of ESET’s Threat Detection Labs, recently reported a new malware campaign to be aware of.

This one is a bit different in terms of methodology. Hackers most commonly employ emails utilizing various social engineering tricks in an attempt to lure unsuspecting recipients into clicking malicious links or downloading poisoned files.

In this instance, however, the hackers are boldly advertising, impersonating legitimate online destinations like Spotify or the Microsoft store. For instance, one example of the ad campaign hypes a chess program, inviting users to download it.

If anyone clicks on the link, they are taken to what appears to be a page on the Microsoft store, promising the software mentioned in the ad.

Anyone clicking to install the chess program will have the FickerStealer malware installed on their system instead. This malware is a Trojan released on Russian hacking forums in January of this year (2021). It was designed to steal a wide range of user data, including the capability to pilfer cryptocurrency from a variety of supposedly secure cryptocurrency wallets.

All stolen data is zipped for compression and periodically exfiltrated to a command and control server run by the hackers. Even worse, the developers behind this particular malware strain posted it on the hacker forums in a bid to gin up customers, as their goal has been, from the start, to rent their code out to anyone who wants to make use of it.

Given that, you can bet that we’ll be hearing a great deal more about FickerStealer in the weeks and months ahead, as an increasing number of hackers take the developers up on their offer and begin deploying it in a growing number of campaigns.

The only real defense against this kind of campaign is to instruct your users not to click on any advertisements. If they want an app, or to sign up for services like Spotify, rather than clicking ads, have them type the URL in manually.

Make sure your people are all aware of the new threat, and stay safe out there.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.