Fortinet Reports Fickle Ransomware Trojan

TapTechNews June 24th news, security company Fortinet recently reported a ransomware Trojan named Fickle. This ransomware is said to be written in the Rust language and claims to be quite complex and flexible.

It is known that the Trojan mainly spreads in the form of VBA macros. Hackers pack the relevant macro file into a WordDoc document. Once an unsuspecting victim opens the document, the victim's computer will automatically download the PowerShell script set by the hacker to the victimized computer.

TapTechNews learned that these scripts are usually u.ps1 or bypass.ps1, whose main purpose is to bypass the Windows User Account Control (TapTechNews note: UAC) protection mechanism and at the same time transmit the victim device information to the robot set by the hacker.

The security company mentioned that the relevant Trojan will conduct a series of checks during the startup process. If it detects that it is in the sandbox software, it will not execute, thereby avoiding detection by the security company. And after the detection passes, the Trojan will scan the digital currency wallet installed on the user's device, Chrome/Firefox browsers, and Discord/Skype chat applications to collect user information, and send the relevant files to the hacker in the form of a JSON string.