Experts Shed Light On New Russian Malware-as-a-Service Written in Rust
2021-08-12 08:13

A nascent information-stealing malware sold and distributed on underground Russian forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.

First seen in the wild in August 2020, the Windows-based malware is used to steal sensitive information, including login credentials, credit card information, cryptocurrency wallets, and browser information. It also functions as a tool to grab sensitive files from the compromised machine and acts as a downloader that fetches and executes additional second-stage malware.

CyberArk, in an analysis of the Ficker malware last month, noted that its heavily obfuscated nature and Rust roots make analysis more difficult, if not prohibitive.

Aside from relying on obfuscation techniques, the malware also incorporates other anti-analysis checks that prevent it from running in virtualized environments and on victim machines located in Armenia, Azerbaijan, Belarus, Kazakhstan, Russia, and Uzbekistan.

"The malware also has screen-capturing abilities, which allow the malware's operator to remotely capture an image of the victim's screen. The malware also enables file-grabbing and additional downloading capabilities once connection to its C2 is established," the researchers said.

"Once information is sent back to Ficker's C2, the malware owner can access and search for all exfiltrated data."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/15nGpY5992E/experts-shed-light-on-new-russian.html