New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

Fickle Stealer, a new Rust-based information stealer, has been seen spreading through several attack chains that aim to harvest private data from affected computers.

Fortinet FortiGuard Labs is aware of four distribution techniques: VBA dropper, VBA downloader, link downloader, and executable downloader. Some of these methods use a PowerShell script to circumvent User Account Control (UAC) and run Fickle Stealer.

In addition, the PowerShell script, named “bypass.ps1” or “u.ps1”, is designed to regularly send victim data, such as IP address, country, city, computer name, operating system version, and username, to a Telegram bot under the attacker’s control.
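A defender can hunt for this behaviour by correlating PowerShell process launches with repeated lookups of the Telegram Bot API host. The sketch below is an added example, not taken from Fortinet's report: the event fields and sample records are constructed (loosely modelled on process-creation and DNS-query telemetry), and the use of `api.telegram.org` as the bot endpoint is an assumption.

```python
import re
from collections import defaultdict

# Script names come from the article; the Bot API host is an assumption.
SCRIPT_NAMES = re.compile(r"(?:^|[\\/\s\"'])(?:bypass|u)\.ps1\b", re.IGNORECASE)
TELEGRAM_HOST = "api.telegram.org"
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed sample events (not real telemetry): eid 1 = process creation,
# eid 22 = DNS query, keyed by host and pid.
EVENTS = [
    {"eid": 1, "ts": 0, "host": "WS-01", "pid": 4120, "image": "powershell.exe",
     "cmdline": r"powershell -File C:\Users\Public\u.ps1"},
    {"eid": 22, "ts": 5, "host": "WS-01", "pid": 4120, "query": "api.telegram.org"},
    {"eid": 22, "ts": 65, "host": "WS-01", "pid": 4120, "query": "api.telegram.org"},
    {"eid": 22, "ts": 125, "host": "WS-01", "pid": 4120, "query": "API.Telegram.org."},
    {"eid": 1, "ts": 10, "host": "WS-02", "pid": 900, "image": "powershell.exe",
     "cmdline": r"powershell -File C:\it\menu.ps1"},
    {"eid": 22, "ts": 12, "host": "WS-02", "pid": 900, "query": "api.telegram.org"},
    {"eid": 1, "ts": 20, "host": "WS-03", "pid": 77, "image": "Telegram.exe",
     "cmdline": "Telegram.exe"},
    {"eid": 22, "ts": 21, "host": "WS-03", "pid": 77, "query": "api.telegram.org"},
]

def hunt(events, min_lookups=2):
    """Flag PowerShell processes that resolve the Telegram Bot API host."""
    procs = {}                   # (host, pid) -> process-creation event
    lookups = defaultdict(list)  # (host, pid) -> timestamps of Telegram lookups
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["eid"] == 1:
            procs[key] = ev      # PID reuse is ignored in this short sample
        elif ev["eid"] == 22 and ev["query"].lower().rstrip(".") == TELEGRAM_HOST:
            lookups[key].append(ev["ts"])
    findings = []
    for (host, pid), times in lookups.items():
        proc = procs.get((host, pid))
        if proc is None or proc["image"].lower() not in POWERSHELL:
            continue             # e.g. the Telegram desktop client itself
        named = bool(SCRIPT_NAMES.search(proc["cmdline"]))
        repeated = len(times) >= min_lookups
        if named or repeated:
            findings.append({"host": host, "pid": pid, "lookups": len(times),
                             "script_match": named,
                             "severity": "high" if named and repeated else "medium"})
    return findings

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Script file names are trivially changed, so the repeated-lookup condition is the more durable signal; the name match only raises severity.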

After completing a number of anti-analysis checks to determine whether it is running in a virtual machine or sandbox, the packer-protected stealer payload beacons…
