Double trouble: Two-pronged cyber attack infects victims with data-stealing trojan malware and ransomware

silversurfer

Cyber criminals are targeting victims with a two-pronged attack that secretly infiltrates systems with data-stealing malware, before dropping ransomware onto the infected system.

Using Internet Explorer and Flash Player exploits delivered in the Fallout exploit kit, the campaign is distributed by what researchers at Malwarebytes describe as a 'prolific' malvertising campaign targeting high-traffic torrent and streaming sites and redirecting users towards two malicious payloads.

The first is Vidar, a relatively new form of malware that targets vast amounts of victims' information -- passwords, documents, screenshots, browser histories, messaging data, credit card details, and even data stored in two-factor authentication software.

Vidar can also target virtual wallets storing Bitcoin and other cryptocurrencies -- the malware is highly customisable and has been distributed by several threat groups in different campaigns. It appears to be named after Norse God Víðarr the Silent -- a name the authors may have chosen to reflect its stealthy capabilities.

Like other data-stealers, Vidar is designed to operate secretly, leaving victims unaware that their systems have been compromised, while the attacker makes off with private information that's packaged up and sent to a command-and-control (C&C) server.

But that isn't the end of the attack, as Vidar's C&C server also operates as a downloader for additional forms of malware; researchers have spotted it being used to distribute GandCrab ransomware.
 
