- Aug 17, 2014
- ‘Ficker’ is out there, looking to grab your credit card info, login credentials, crypto, and email accounts.
- The malware is dropped through laced Word documents that arrive via spam mail campaigns.
- The data is encrypted and exfiltrated on the fly, sent directly to the C2 without storing anything locally.
‘Ficker’ is an infostealer written in Rust that targets Windows systems and is offered to cybercriminals as MaaS (malware as a service) on Russian-speaking hacker forums. It was first uncovered last year, when it was seen being distributed via Trojanized websites that promised free access to Spotify and YouTube Premium. This year, the program is expanding and getting more impactful. ‘Ficker’ can target and steal information stored or entered in web browsers, FTP clients, and other apps, going mainly for credit card details as well as crypto-wallets. As such, it’s going directly for the money.
A report on the BlackBerry blog describes malware that is being actively developed and promoted on various forums, with the author posting periodically to update the community on the latest improvements implemented in Ficker. Recently, deployment of the malware began involving ‘Hancitor’, a malware that uses Trojanized MS Word documents delivered as attachments to spam emails. These documents feature a malicious macro that runs when the document is opened and fetches Ficker right from the operator’s C2.