A new malware campaign is distributing EDDIESTEALER, a Rust-based information stealer, using fake CAPTCHA verification pages as a social engineering lure. The campaign tricks users into running a malicious PowerShell script, which ultimately downloads the malware. The compromise starts with legitimate sites being altered to display bogus CAPTCHA pages, which prompt victims to execute commands that retrieve malicious payloads. EDDIESTEALER targets various sensitive data, including credentials and cryptocurrency wallet information, and is configurable, allowing the attackers to adapt their targets based on operational commands.
"This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, and cryptocurrency wallet details."
"The attack chains begin with threat actors compromising legitimate websites with malicious JavaScript payloads that serve bogus CAPTCHA check pages, which prompt site visitors to 'prove you are not [a] robot' by following a three-step process."
"Written in Rust, EDDIESTEALER is a commodity stealer malware that can gather system metadata, receive tasks from a command-and-control (C2) server, and siphon data of interest from the infected host."