What is FickerStealer malware and how to remove it?

Xiaobai Software  2022-09-22 17:55  35 views

Most malware is designed to steal your credentials and other sensitive information, such as credit card numbers and identity details, or even to hold your files hostage. It usually gets onto a computer through an email attachment or, more commonly, through a social engineering attack.

A particularly worrying example is FickerStealer, a widely used information stealer that has been active since 2020. So what is it, what does it do, and what can you do if you are affected?


What is FickerStealer?

FickerStealer was first spotted on the dark web in August 2020. It is a popular information stealer that targets Windows systems and was originally sold as Malware-as-a-Service (MaaS) through Telegram, with subscription tiers ranging from around $8 up to $200 depending on the feature set.

FickerStealer can steal sensitive information stored on a victim's computer, including:

1. Cryptocurrency wallet data.

2. Passwords saved in web browsers.

3. Credit card details.

4. SSH and FTP credentials.

5. The Windows login password.

6. Any credentials stored in Windows Credential Manager.

Its sellers advertise that it can steal data from more than 40 browsers, including all the popular ones such as Chrome, Opera, Firefox and Edge.

Once it has access to a browser's stored data, it collects that data and forwards it to the operator. It also targets FTP clients and email applications such as Outlook and Thunderbird.

It also fingerprints the machine, collecting details such as the processor, installed applications and CPU usage, and it can take screenshots.

FickerStealer is written in Rust and assembly, which produce small, fast-loading binaries with no runtime to install. Rust binaries are also harder to reverse engineer than typical C/C++ malware, because the compiled output differs from what most analysts and analysis tools expect.

Buyers get a web-based panel for reviewing the information stolen from their victims.

How does FickerStealer infect your computer?


Like most malware, FickerStealer spreads through a variety of techniques.

Spam campaigns

Spam email is one of the most common ways malware spreads. The messages are carefully written to offer something of value or to look important, even official, and they carry an attachment disguised as an innocuous file, typically a .zip or .rar archive. As soon as the recipient extracts the archive and opens what is inside, a script or executable runs and infects the device.
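The archive trick above is easy to check for mechanically. The following is an added example, not code from the original article or from any FickerStealer analysis: it opens a ZIP attachment in memory and flags members with executable extensions, double extensions such as "invoice.pdf.exe", and files whose content starts with the Windows PE "MZ" magic even though their name says otherwise. The extension lists and the sample archive are constructed for the example.

```python
import io
import zipfile

# File types that execute code when double-clicked on Windows (constructed
# list for this example; extend it for your environment).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk", ".msi", ".dll"}

# Extensions a recipient expects to be harmless; used to spot "report.pdf.exe".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def _exts(name):
    """All dotted extensions of a member name, lowercased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    base = name.rsplit("/", 1)[-1]
    return ["." + p.lower() for p in base.split(".")[1:]]


def triage_attachment(zip_bytes):
    """Inspect a ZIP attachment and return a list of (member name, reason) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Password-protected member: we cannot look inside, which is
                # itself a common evasion, so report it rather than skip silently.
                findings.append((info.filename, "encrypted member; contents cannot be scanned"))
                continue
            exts = _exts(info.filename)
            last = exts[-1] if exts else ""
            if last in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension " + last))
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
                findings.append((info.filename, "double extension disguised as a document"))
            # Never trust the name alone: a Windows PE file begins with b"MZ".
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == b"MZ" and last not in EXECUTABLE_EXTS:
                findings.append((info.filename, "PE header under a non-executable extension"))
    return findings


def build_sample_zip():
    """Constructed sample attachment (not a real malware sample): one benign text
    file, one double-extension executable, and a PE stub renamed to look like an image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "Hello")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("photo.jpg", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def build_clean_zip():
    """Constructed benign attachment for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_attachment(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check is deliberately name-independent for the PE case: renaming an .exe to .jpg defeats extension filters but not the "MZ" magic. Nested archives and non-ZIP formats such as .rar are not unpacked here; in a mail gateway you would recurse into them with the same rules.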

Unofficial downloads of cracked software

Malware such as FickerStealer is often bundled with "cracked" software downloaded from unofficial sources, and a large number of people download such programs. To attract more downloads, the distributors advertise cracked versions of popular software such as Microsoft Office or new video games. Before downloading anything, verify the authenticity of the site you are downloading from.

Software activation tools

FickerStealer also spreads easily through unofficial software activation tools. These are piracy tools designed to bypass licensing or DRM checks so that restricted software can be used without a license key.

A common example is the keygen, or key generator. Such tools frequently contain a malicious payload that infects the computer as soon as the program is run.

That is how FickerStealer has spread so widely. Because it is sold as MaaS, each buyer can have the package tailored to the way they intend to distribute it.

What makes FickerStealer so popular?


Unlike traditional malware, it is sold as a service. Once the buyer closes the deal, they receive a customized malware package, including server configuration and the executable files.

The buyer supplies the address of their own C&C (command and control) server, and the malware is built to communicate with that server.

FickerStealer has no external dependencies: it runs without downloading any extra libraries, which makes it fast. Also unlike much other malware, it does not use HTTP to talk to the C&C server, so detections that only inspect web traffic will not see it.

Traffic is obfuscated on the client side with a rotating XOR before it is sent, so the stolen data does not appear in plaintext on the wire. Note that XOR is obfuscation rather than strong encryption: once the key is known, or a fragment of the plaintext can be guessed, the traffic can be decoded. FickerStealer also keeps no local logs.

Stolen data is sent straight to the C&C server rather than being written to a temporary folder first, which is what many traditional stealers do. With nothing staged on disk, there is less for file-based antivirus to detect.

How to remove FickerStealer

FickerStealer targets Windows systems, so the following recommendations are aimed at users running Windows.

Use strong antivirus software

Antivirus protection is needed to detect, quarantine and remove malware from your computer. Several reputable products are available for Windows 11, and it is strongly recommended that you use one, such as Kaspersky.

If your computer is infected with FickerStealer, a current antivirus product should detect it and remove the infected files. Bear in mind that removing the malware does not undo the theft: any passwords or card details that were saved on the machine should be treated as compromised, so change them from a clean device. Keeping real-time protection enabled also blocks many infections before they happen; when it comes to malware, prevention is the best cure.

Antivirus software scans your computer regularly for malware and unwanted programs, such as computer worms, and quarantines any infected files.

Format your drive

This is not normally recommended, but if you have no important files on the computer and need to be certain FickerStealer is gone, you can wipe the drive completely and reinstall Windows. Treat it as the last resort.

Formatting deletes every file on the drive, including the operating system if it is on the same drive, so you will have to reinstall the operating system afterwards.

Stay safe while browsing the web

Malware is often spread through suspicious files and email attachments. Avoid downloading untrusted files, especially from unofficial sources.

Be very cautious with email from unknown or unofficial senders. Most email providers now scan attachments for malware and will warn you if a file is infected, but that is not a guarantee.

And if you install a new internal drive, whether a solid-state drive or a hard disk, format it before you start using it.

Address of this article:https://www.kkgcn.com/9106.html
Copyright notice: The article represents only the author's point of view; copyright belongs to the original author. You are welcome to share this article; please keep the source when reprinting.
