Threat actors have leveraged a VBA downloader, VBA dropper, executable downloader, and link downloader to deploy the novel Fickle Stealer malware, Security Affairs reports.
Attacks with the Rust-based information-stealing payload also involved a PowerShell script meant to evade User Account Control, escalate privileges, and enable data exfiltration activities, according to a report from Fortinet FortiGuard Labs.
Researchers noted that, once executed, Fickle Stealer sends victim information to attacker-controlled servers and performs anti-analysis checks before proceeding to steal data from AnyDesk, Telegram, Signal, Skype, Discord, Steam, FileZilla, and other apps, as well as plugins, cryptocurrency wallets, and Chromium- and Gecko-based web browsers.
Fickle Stealer also scans the parent directories of installation directories for other sensitive files, and a server-based target list makes its data-gathering capabilities even more versatile.
"Variants receiving an updated list are observed. The frequently updated attack chain also shows that it's still in development," said the report.