New Rust-Based EDDIESTEALER Malware Targets Crypto Wallets and Personal Data

Cybersecurity experts at Elastic Security Labs have uncovered a dangerous new malware strain named EDDIESTEALER, built using the Rust programming language. This advanced infostealer malware is designed to extract sensitive data such as saved passwords, browser history, and crypto wallet credentials.

Hackers are distributing EDDIESTEALER through deceptive “I’m not a robot” CAPTCHA pop-ups on malicious websites. These fake CAPTCHA pages instruct users to paste a PowerShell command, unknowingly executing a hidden script that downloads the final payload—the EDDIESTEALER binary.

Once deployed, the malware decrypts its internal code, dynamically loads Windows API functions, and connects to remote hacker-controlled servers. From there, it receives a set of tasks that typically involve scanning the infected device for valuable files, especially those linked to cryptocurrency wallets—like keystroke logs, JSON wallet config files, private keys, and seed phrases.

In a particularly concerning twist, EDDIESTEALER can bypass the encryption of Chromium-based browsers using a tool called ChromeKatz. This enables it to extract login credentials, session tokens, and other sensitive data directly from memory—making even secured browsers vulnerable.

After completing its data theft, EDDIESTEALER automatically deletes itself to minimize detection and prevent forensic analysis.

This incident serves as a warning to crypto users and everyday internet users alike. Avoid copying and pasting commands from untrusted sources, and ensure your system is protected with up-to-date antivirus software. The emergence of EDDIESTEALER underlines the growing use of Rust in malware development, due to its speed and low detection rates.