Columbus | Medina | Painesville | Akron | Cleveland
 GET A CUSTOMIZED PROPOSAL

Technology Tips

  • HOME
  • BLOG
  • Ficker Malware Tricks People To Get Their Passwords
May 07, 2021

Ficker Malware Tricks People To Get Their Passwords

Written By Randy Hall

Jiri Kropac, the head of ESET's Threat Detection Labs, recently reported a new malware campaign to be aware of.

This one is a bit different in terms of methodology. Hackers most commonly employ emails utilizing various social engineering tricks in an attempt to lure unsuspecting recipients into clicking malicious links or downloading poisoned files.

In this instance, however, the hackers are boldly advertising, impersonating legitimate online destinations like Spotify or the Microsoft store. For instance, one example of the ad campaign hypes a chess program, inviting users to download it.

If anyone clicks on the link, they are taken to what appears to be a page on the Microsoft store, promising the software mentioned in the ad.

Anyone clicking to install the chess program will have the FickerStealer malware installed on their system instead. This malware is a Trojan released on Russian hacking forums in January of this year (2021). It was designed to steal a wide range of user data, including the capability to pilfer cryptocurrency from a variety of supposedly secure cryptocurrency wallets.

All stolen data is zipped for compression and periodically exfiltrated to a command and control server run by the hackers. Even worse, the developers behind this particular malware strain posted it on the hacker forums in a bid to gin up customers, as their goal has been, from the start, to rent their code out to anyone who wants to make use of it.

Given that, you can bet that we'll be hearing a great deal more about FickerStealer in the weeks and months ahead, as an increasing number of hackers take the developers up on their offer and begin deploying it in a growing number of campaigns.

The only real defense against this kind of campaign is to instruct your users not to click on any advertisements. If they want an app, or to sign up for services like Spotify, rather than clicking ads, have them type the URL in manually.

Make sure your people are all aware of the new threat, and stay safe out there.
Picture of Randy Hall
About The Author
Randy Hall, CEO & Founder of Securafy, is a seasoned IT leader specializing in cybersecurity, compliance, and business resilience for SMBs. With deep technical expertise and decades of experience, he shares strategic insights on cybersecurity risks, AI in cybersecurity, emerging technology, and the economic challenges shaping the IT landscape. His content provides practical guidance for business owners looking to navigate evolving cyber threats and leverage technology for long-term growth.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.

Securafy Inc.
5900 SOM Center Rd. #12-142 Willoughby, OH 44094
(330) 906-8888
Info@Securafy.com 
Company
Resources
Free Cybersecurity Tips

By subscribing, you agree to our privacy policy and will receive occasional promotional emails.
© 2025 Securafy, Inc.