We recently reported on malware writers tricking iPhone owners into downloading gambling apps by pretending they are games and advertising them using normal channels.
Now a separate malware group is trying a similar trick with a different target. As in the iPhone case, the malware authors advertise software or games using normal ads, and users who click on the ads are directed to websites that pretend to be the official Microsoft Store.
When users click the download link, a zip file containing the “Ficker” or “FickerStealer” malware is downloaded instead of the game. The malware then steals private data, including saved credentials in web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients. It can steal over fifteen cryptocurrency wallets, steal documents, and take screenshots of the active applications running on victims’ computers. Data are then zipped and transmitted back to the hacker.
Besides Microsoft Store apps, hackers also impersonate Spotify and an online document converter.
Because of how pernicious the malware is, ESET recommends that affected users immediately change their online passwords, check firewalls for suspicious port forwarding rules, and perform a thorough antivirus scan of their computer to check for additional malware.