Jiri Kropac, the head of ESET’s Threat Detection Labs, recently reported a new malware campaign to be aware of.
This one is a bit different in terms of methodology. Hackers most commonly employ emails utilizing various social engineering tricks in an attempt to lure unsuspecting recipients into clicking malicious links or downloading poisoned files.
In this instance, however, the hackers are boldly advertising, impersonating legitimate online destinations like Spotify or the Microsoft store. For instance, one example of the ad campaign hypes a chess program, inviting users to download it.
If anyone clicks on the link, they are taken to what appears to be a page on the Microsoft store, promising the software mentioned in the ad.
Anyone clicking to install the chess program will have the FickerStealer malware installed on their system instead. This malware is a Trojan released on Russian hacking forums in January of this year (2021). It was designed to steal a wide range of user data, including the capability to pilfer cryptocurrency from a variety of supposedly secure cryptocurrency wallets.
All stolen data is zipped for compression and periodically exfiltrated to a command and control server run by the hackers. Even worse, the developers behind this particular malware strain posted it on the hacker forums in a bid to gin up customers, as their goal has been, from the start, to rent their code out to anyone who wants to make use of it.
Given that, you can bet that we’ll be hearing a great deal more about FickerStealer in the weeks and months ahead, as an increasing number of hackers take the developers up on their offer and begin deploying it in a growing number of campaigns.
The only real defense against this kind of campaign is to instruct your users not to click on any advertisements. If they want an app, or to sign up for services like Spotify, rather than clicking ads, have them type the URL in manually.
Make sure your people are all aware of the new threat, and stay safe out there.