Distributing Ficker Malware Through Advertising
As stealing credentials can help fraudsters exploit more resources, they’re always in a state of crafting new plans to obtain them. One such plan was discovered by ESET researchers, who warned about a campaign where the threat actors are advertising malware disguised as legitimate applications.
— ESET research (@ESETresearch) April 19, 2021 If the user continues to download and run the application (executable), it turns out to be a Ficker (FickerStealer) malware capable of stealing sensitive data like credentials from the victim’s web browser and apps. Apart from the Chess application hosted on a fake Microsoft Store, other luring tactics impersonate Spotify and a document converter. Researchers warned to be suspicious when interacting with such applications, as some (in the case of Spotify as above) don’t the user to manually download an application, but just visiting the website to get infected. Ficker is a data-stealing malware first seen circulating in Russian-speaking hacker forums, which the developer to buyers is renting out. Apart from extracting the saved passwords from web browsers, Ficker can also steal over fifteen different types of cryptocurrency wallets, documents and even take screenshots of the current applications. These will be zipped in a file and transported back to the hacker’s C2.
