The past few years have seen a significant increase in the number of Rust developers. Rust is a programming language focused on performance and reliability.
However, for an attacker, its complicated assembly code is a significant merit. In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target. Because of this ambiguity, we decided to call it Fickle Stealer. This article summarizes the details of this campaign, roughly dividing the attack chain into three stages: Delivery, Preparatory Work, and Packer and Stealer Payload.
Read more…
Source: Fortinet
Related:
- Good old malware for the new Apple Silicon platform
March 12, 2021
A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the ...
- No Laughing Matter: Joker’s Latest Ploy
March 12, 2021
Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than ...
- NimzaLoader malware was written in an unusual programming language to stop it from being detected
March 11, 2021
A prolific cyber criminal hacking operation is distributing new malware which is written in a programming language rarely used to compile malicious code. Dubbed NimzaLoader by cybersecurity researchers at Proofpoint, the malware is written in Nim – and it’s thought that those behind the malware have decided to develop it this way in the hopes that ...
- Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers
March 4, 2021
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims’ networks as second-stage payloads. The company now tracks the “sophisticated attacker” who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found ...
- New Sunshuttle Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
March 4, 2021
Mandiant Threat Intelligence discovered a new backdoor uploaded by a U.S.-based entity to a public malware repository in August 2020 that we have named SUNSHUTTLE. SUNSHUTTLE is written in GO, and reads an embedded or local configuration file, communicates with a hard-coded command and control (C2) server over HTTPS, and supports commands including remotely uploading ...
- Compromised Website Images Camouflage ObliqueRAT Malware
March 2, 2021
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they’re redirected ...