
The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media
2023-01-05 08:48

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server.

What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.

The development comes amid recent findings that the malware is being distributed using a variety of methods, including malicious Google Ads and a malware loader dubbed Bumblebee, the latter of which is attributed to a threat actor tracked as Exotic Lily and Projector Libra.

Risk consulting firm Kroll, in an analysis published last month, said it discovered an ad for the GIMP open source image editor that, when clicked from the Google search result, redirected the victim to a typosquatted domain hosting the Vidar malware.

The evolution of malware delivery methods in the threat landscape is in part a response to Microsoft's decision to block macros by default in Office files downloaded from the internet since July 2022.

"Disk image files can bypass the MotW feature because when the files inside them are extracted or mounted, MotW is not inherited to the files," ASEC researchers said, detailing a Qakbot campaign that leverages a combination of HTML smuggling and a VHD file to launch the malware.
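Added example (not from the article or from ASEC's research): a PowerShell check a defender can run to see which files actually carry Mark-of-the-Web, which makes the gap described above visible on a real system. The file and drive paths are placeholders.

```powershell
# Added example: report whether files carry Mark-of-the-Web (MotW).
# MotW is stored in the Zone.Identifier alternate data stream on NTFS;
# files inside a mounted or extracted disk image normally have no such
# stream, even though the downloaded image itself does.
function Get-MotwStatus {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($item in Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue) {
        # Read the Zone.Identifier stream if it exists; suppress the error when it does not.
        $zone = Get-Content -Path $item.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = $null
        if ($zone) {
            # The stream is INI-style text, e.g. "[ZoneTransfer]" then "ZoneId=3".
            $match = $zone | Select-String -Pattern '^ZoneId=(\d)' | Select-Object -First 1
            if ($match) { $zoneId = [int]$match.Matches[0].Groups[1].Value }
        }
        [pscustomobject]@{
            File    = $item.FullName
            ZoneId  = $zoneId              # 3 = Internet zone; $null = no MotW at all
            HasMotW = ($null -ne $zoneId)
        }
    }
}

# Usage (placeholder paths): the downloaded image should report ZoneId 3,
# while the files on the mounted image's drive letter report no MotW.
Get-MotwStatus -Path 'C:\Users\Public\Downloads\invoice.vhd'
Get-MotwStatus -Path 'E:\'
```

Files that report HasMotW = False will not trigger the MotW-dependent protections (such as the Office macro block) that the downloaded container itself would have.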


News URL

https://thehackernews.com/2023/01/the-evolving-tactics-of-vidar-stealer.html