Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns
ID: 5311fb71-838c-5d33-8640-3f04f701ad47
STIX ID: report--5311fb71-838c-5d33-8640-3f04f701ad47
Feed Name: Elastic Security Labs
Elastic Security Labs identified EDDIESTEALER, a Rust-implemented infostealer distributed through fake CAPTCHA pages that trick victims into executing a PowerShell loader; the malware retrieves a task list from C2, targets browser data, password managers, FTP clients, messaging apps, and numerous cryptocurrency wallet files, and exfiltrates each completed task in separate AES-encrypted HTTP POST requests. The report includes detailed static/dynamic analysis (string/API obfuscation, custom WinAPI resolution, mutex naming, sandbox checks, self-deletion via NTFS ADS), Chromium memory extraction techniques, configuration and C2 message formats, detection guidance, and a set of IOCs (hashes, domains, IPs).
