Vidar is a family of malware that primarily functions as an information stealer and is often used as a foothold for deploying ransomware. The malware first surfaced in late 2018.

This threat is worth discussing because security researchers identified an email malware campaign in February 2022 that delivers this info-stealer.

As we well know, this threat has been very active lately, with its most recent appearance in March this year, and now its operators are using counterfeit Windows 11 installers to distribute the Vidar data-stealing malware.

Notably, Zscaler researchers reported last month the appearance of newly registered domains posing as the official download portal for the Microsoft Windows 11 operating system. The file offered on the fake website was found to be an .ISO image carrying the Vidar payload.

Telegram channels carrying the same command-and-control server addresses have also been set up on the threat actors' social media profiles. According to the report, the attackers rely on a static configuration for C2 access and use social media profiles as fallback URLs; the report also revealed that multiple backdoored versions of Adobe Photoshop have been observed in a GitHub repository.

As we have seen, such malware is updated frequently to defeat signature-based anti-malware products, so we must do our part and avoid suspicious links and sites.
