‘Ficker’ Infostealer Is After Your Credit Cards and Crypto Wallets


  • ‘Ficker’ is out there, looking to grab your credit card info, login credentials, crypto, and email accounts.
  • The malware is dropped through laced Word documents that arrive via spam mail campaigns.
  • The data is encrypted and exfiltrated on the fly, sent directly to the C2 without storing anything locally.
‘Ficker’ is an infostealer written in Rust and targeting Windows systems, offered to cybercriminals as a MaaS (malware as a service) on Russian-speaking hacker forums. It was first uncovered last year, when it was seen being distributed via Trojanized websites that promised free access to Spotify and YouTube Premium. This year, the program is expanding and getting more impactful. ‘Ficker’ can target and steal information stored or entered in web browsers, FTP clients, and other apps, going mainly for credit card details as well as crypto-wallets. As such, it’s going directly for the money.

A report on the BlackBerry blog describes a piece of malware that’s being actively developed and promoted on various forums, with the author posting periodically to update the community on the latest improvements implemented in Ficker. Recently, the deployment of the malware began involving ‘Hancitor’, a malware that uses Trojanized MS Word documents delivered as extensions on spam emails. These documents feature a malicious macro that runs when the document is opened and fetches Ficker right from the C2 of the operator.
