Security News > 2021 > April > Fake Microsoft Store, Spotify sites spread info-stealing malware
Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers.
When users click on the ad, they are brought to a fake Microsoft Store page for a fake 'xChess 3' online chess application, which is automatically downloaded from an Amazon AWS server.
Other advertisements from this malware campaign pretend to be for Spotify or an online document converter.
Once a user unzips the file and launches the executable, instead of being greeted by a new online Chess application or the Spotify software, the Ficker malware will run and begin stealing the data stored on their computer.
In addition to stealing passwords, the developer claims the malware can steal over fifteen cryptocurrency wallets, steal documents, and take screenshots of the active applications running on victims' computers.
Due to the Ficker malware's extensive functionality, victims of this campaign should immediately change their online passwords, check firewalls for suspicious port forwarding rules, and perform a thorough antivirus scan of your computer to check for additional malware.