EDDIESTEALER Targets Users with Deceptive Tactics
EDDIESTEALER, a Rust-based malware, spreads through fake CAPTCHA pages. These pages trick users into running a malicious PowerShell script. For example, the script deploys the infostealer to harvest credentials and crypto wallets. The campaign uses a social engineering tactic called ClickFix to initiate attacks.
How the Attack Begins
Attackers compromise legitimate websites with malicious JavaScript. The script displays a fake CAPTCHA page prompting users to verify they’re not robots. Users must open the Windows Run dialog, paste a command, and execute it. Consequently, this action retrieves the EDDIESTEALER payload from a remote server.
Malware Execution and Features
The payload, a Rust binary, saves itself in the Downloads folder. It then connects to a command-and-control server for tasks. For instance, it targets browsers, password managers, and messaging apps. Additionally, EDDIESTEALER uses encryption and a mutex to avoid detection.
Bypassing Browser Security
EDDIESTEALER bypasses Chrome’s app-bound encryption to access sensitive data. It includes a Rust version of ChromeKatz to dump cookies from memory. Moreover, it spawns an off-screen Chrome window to read network service data. This method ensures the malware extracts credentials without user interaction.
Advanced Stealth Techniques
The malware employs self-deletion to evade analysis. It uses NTFS Alternate Data Streams to remove itself if detected in a sandbox. A report notes its updated versions collect GPU and CPU details. Therefore, EDDIESTEALER adapts to stay ahead of traditional security measures.
Growing Trend in Malware Development
Rust’s use in EDDIESTEALER reflects a trend among cybercriminals. This language offers stealth and stability, making detection harder. As a result, modern malware becomes more resilient to analysis. Threat actors increasingly leverage such tools to target sensitive data.
Preventing EDDIESTEALER Attacks
To stop EDDIESTEALER, avoid running commands from unverified CAPTCHA pages. For example, verify website authenticity before taking action. Use antivirus software to scan downloads and enable two-factor authentication. Additionally, educate users about ClickFix tactics to reduce risks. These steps help protect against infostealers and data theft.
Sleep well, we got you covered.
