Beware: Ficker-info stealing malware is pretending to be Microsoft Store

Windows remains vulnerable to numerous malware, at least more than its peers and competitors on both desktops and mobile devices, despite improvements.


Despite having an official app store, it is almost too easy to infect a Windows PC by merely installing a malware in the victim’s device.


While Microsoft encourages users to only download apps from its official channels, some hackers are taking advantage of this by developing Fake Microsoft Store apps.


This Fake Microsoft Store is being widely circulated by cybercriminals.


You can browse the Microsoft Store on the web like any other app store.


However, when you click on the installation button, Microsoft Store’s web platform redirects you to the Microsoft Store’s native app, which then completes the installation process.


It’s important to note that you cannot download any application from Microsoft Store’s web portal.


Also read: REvil ransomware gang threatens to leak Apple products blueprints


Unfortunately, some Internet users who are used to downloading installers and ZIP files may be unaware of this.


As a result, the victim does not notice when the Fake Microsoft Store appears exactly like the legitimate Windows app page and begins installing the file.


Unfortunately, what it actually downloads is a version of the information-stealing malware Ficker or FickerStealer.


You might also like: Beware: Hackboss disguising as hacking tool is a cryptocurrency-stealing malware


This information stealing malware, according to Bleeping Computer, can steal passwords and documents, as well as screenshots of the user’s desktop and cryptocurrency wallets.


These bits of information are compressed into a ZIP file and sent back to the attacker for analysis.


Also read: Hackers take advantage of an unpatched Pulse Secure VPN Zero-Day vulnerability to gain access to organizations


Micosoft store, Fake Microsoft store, Ficker, info stealing malware, ficker malware, fake spotify website, Spotify, Microsoft, malware, cybersecurity news


The hackers are also taking advantage of fake Spotify website to trick users into installing the malware, according to cybersecurity firm ESET.


The fact that these are from the actual pages for these applications and services should be obvious from the address bar.


Unfortunately, not all users pay attention to that address, leaving browser makers with the task of detecting such scams.