Cyber criminals are targeting victims with a two-pronged attack that secretly infiltrates systems with data-stealing malware, before dropping ransomware onto the infected system.
The campaign uses Internet Explorer and Flash Player exploits delivered by the Fallout exploit kit, and is distributed through what researchers at Malwarebytes describe as a 'prolific' malvertising campaign targeting high-traffic torrent and streaming sites, redirecting users towards two malicious payloads.
The first is Vidar, a relatively new form of malware that targets a wide range of victims' information -- passwords, documents, screenshots, browser histories, messaging data, credit card details, and even data stored in two-factor authentication software.
Vidar can also target virtual wallets storing Bitcoin and other cryptocurrencies. The malware is highly customisable and has been distributed by several threat groups in different campaigns. It appears to be named after the Norse god Víðarr the Silent -- a name the authors may have chosen to reflect its stealthy capabilities.
Like other data-stealers, Vidar is designed to operate secretly, leaving victims unaware that their systems have been compromised, while the attacker makes off with private information that's packaged up and sent to a command-and-control (C&C) server.
But that isn't the end of the attack, as Vidar's C&C server also operates as a downloader for additional forms of malware; researchers have spotted it being used to distribute GandCrab ransomware.