New Ficker Stealer Malware Attacking Windows systems to Steal Sensitive Data

Ficker Stealer is a type of malware that steals sensitive information from over 40 browsers, including popular ones like Chrome, Firefox, Edge, and Opera. It first emerged in 2020 and is known for promoting itself with these capabilities.

It can steal sensitive information stored on a victim’s computer, including

  • Cryptocurrency wallet addresses.
  • Passwords from web browsers.
  • Credit card details.
  • SSH passwords or FTP login information.
  • Computer login passwords.
  • Any credentials stored by the Windows Credential Manager.

Ficker Stealer primarily infiltrates systems through phishing emails, preying on unsuspecting victims who unknowingly download malicious attachments. 

It also exploits compromised websites, leveraging social engineering to deceive users and gain unauthorized access to their machines.

The malware’s capabilities are chilling – it steals passwords, credit card details, files, and more.

Ficker Stealer goes beyond traditional keylogging, employing a range of tactics such as process injection, browser tracking, and file extraction. 

It takes full advantage of its modular design to target specific forms of data, making it a potent weapon for cybercriminals.

The Craftsmanship Behind Ficker Stealer

One distinctive feature of Ficker Stealer is its programming language – Rust. 

This choice enhances the malware’s performance and security due to Rust’s robust design and safety mechanisms. 

Its efficiency enables the creation of intricate malicious programs, while its safety measures counter vulnerabilities within the code, posing a challenge for cybersecurity researchers.

Ficker Stealer employs a range of techniques to extract sensitive data:

  1. Keylogging: Capturing keyboard inputs to steal passwords and other confidential data.
  2. Browser Tracking: Monitoring users’ browser activities to harvest login credentials, cookies, and more.
  3. Process Injection: Embedding itself within legitimate processes to gain access to protected areas of the system.
  4. File Extraction: Configurable to gather various files from compromised systems.
  5. Loader Functionality: Serving as a platform to drop and execute additional malicious programs.

Ficker Stealer employs encryption to protect data transferred to its Command and Control (C2) server. 

It communicates using encrypted channels, making detection and interception challenging. 

The malware also reports back to attackers following successful operations, leaving no trace on the victim’s computer. 

This stealthy behavior complicates efforts to track its activities.

FREE Webinar

API Security Fundamentals: How to Discover, Scan and Protect APIs

API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar

Unmasking Ficker Stealer’s Execution Process

Ficker Stealer’s behavior comes to light when examined within the ANY.RUN sandbox

Ficker Stelaler in ANY.RUN

This platform allows researchers to analyze the malware’s activities in a controlled environment. 

Ficker Stelaler configuration extracted in ANY.RUN

From its execution process to configuration extraction, the sandbox reveals the malware’s tactics, techniques, and procedures (TTP) in a real-time setting.

The Ficker Stealer malware poses a substantial threat to Windows users’ data security

Its advanced techniques, stealthy behavior, and modular design make it a formidable adversary. 

In the ever-evolving landscape of cyber threats, understanding Ficker Stealer’s workings and adopting defensive measures are crucial for safeguarding sensitive information. 

Exercising caution while interacting with emails, especially those from unfamiliar senders, is paramount. Suspicious attachments or links should be avoided.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Sujatha is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under her belt in Cyber Security, she is covering Cyber Security News, technology and other news.