A novel Rust-based infostealer called EDDIESTEALER has been discovered, distributed through fake CAPTCHA campaigns. The malware uses deceptive verification pages to trick users into executing a malicious PowerShell script, which deploys the infostealer. EDDIESTEALER targets sensitive data including credentials, browser information, and cryptocurrency wallet details. It communicates with a command and control server to receive tasks and exfiltrate data. The malware employs string obfuscation, API obfuscation, and other evasion techniques. It specifically targets various crypto wallets, browsers, password managers, FTP clients, and messaging applications. The use of Rust in its development reflects a growing trend among threat actors seeking enhanced stealth and resilience against traditional analysis methods.
Author: AlienVault
Related Tags:
T1555.004
T1555.005
captcha
data exfiltration
Rust
T1555
T1555.003
Cryptocurrency
T1005
Associated Indicators: