A new nefarious information stealer has been detected in the wild. Dubbed Ficker and detected by the BlackBerry Research & Intelligence Team, the infostealer is sold and distributed on Russian underground forums by a hacker known as @ficker. The malware was first spotted in the wild in the middle of 2020.
How Is Ficker Infostealer Distributed?
The threat is sold under the malware-as-a-service model. For propagation, Ficker relies on trojanized web links and compromised websites that redirect potential victims to pages offering free downloads of legitimate paid services such as Spotify and YouTube Premium. Alongside these lures, Ficker is also delivered as a second-stage payload by the well-known Hancitor malware downloader on systems Hancitor has already infected.
It is worth mentioning that Ficker is written in the Rust programming language, which is a “multi-paradigm, high-level, general-purpose programming language designed for performance and safety, especially safe concurrency.” Rust is still uncommon in malware, and compiled Rust binaries differ enough from typical C/C++ samples that existing signatures and analysis tooling may not handle them well.
What’s the Purpose of Ficker Infostealer?
The main goal of the malware is to steal credentials and other sensitive data stored by the victim’s web browsers, as well as credit card information, cryptocurrency wallets, FTP client credentials, and data from various other applications. The threat also performs anti-analysis checks, and can download and execute additional malware once a system is compromised, BlackBerry researchers said in their report.
This is not the only infostealer detected in active campaigns in the wild.
Security researchers from Sophos Labs recently tracked a new campaign distributing the well-known Raccoon infostealer. The malware, which its developers run on an as-a-service basis, has been updated with new tactics, techniques and procedures for stealing critical information from its targets. The information Raccoon steals can either be uploaded for sale in criminal marketplaces or used by the cybercriminals themselves for other purposes.
Raccoon is neither sophisticated nor innovative, yet its malware-as-a-service (MaaS) model gives cybercriminals a quick and easy way to make money by harvesting sensitive user data.