> 1300+ domains are hosting a webpage that impersonates the official AnyDesk website. All webpages redirect the user to the same Dropbox link, downloading #Vidar stealer (botnet 586). All domains resolve the IP address 185.149.1209 (a rather curious campaign!) /vqbw34USwx
>
> crep1x, January 8, 2023

The list of the hostnames includes typosquats for AnyDesk, MSI Afterburner, 7-ZIP, Blender, Dashlane, Slack, VLC, OBS, cryptocurrency trading apps, and other popular software.

## The Vidar distribution uses a fake AnyDesk website

Researchers say the websites were spreading a ZIP file named “AnyDeskDownload.zip” that claimed to be an AnyDesk software installer. However, Vidar stealer, a malware that has been around since 2018, is installed in place of the remote access software.

Notably, the malware steals the victims’ browsing history, login information, previously saved passwords, cryptocurrency wallet data, banking details, and other private information. Once sent back to the attackers, this information may be used for other nefarious purposes or sold to other threat actors.

The most recent Vidar campaign delivered the malware payload via the Dropbox file hosting service, which is trusted by AV tools, rather than hiding it behind redirections to avoid detection and takedowns.

Reports stated that most domains are still active; however, some have been reported and taken offline by registrars or are blocked by antivirus software. Also, the threat actor could easily sidestep this by changing the download URL to another site, but since every element of this campaign points to the same website.
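As an added example (not code from the article or from the researchers it cites), the following Python script shows the two defender-side pivots the campaign description implies: flagging hostnames whose leftmost label imitates a brand such as AnyDesk, Blender or VLC, and grouping hostnames by the download URL they lead to, so that many lookalike domains sharing one target stand out as a cluster worth reporting. The hostnames, the allowlist and the Dropbox-style URL are constructed placeholders, not indicators from the campaign.

```python
"""Detection helpers for a lookalike-domain campaign of the kind described above.

Added example; not code from the article or from the researchers it cites.
All hostnames, the allowlist and the download URL below are constructed
placeholders, not real campaign indicators.
"""
from collections import defaultdict

# Brands the article names as typosquat targets, normalised to lowercase labels.
BRANDS = ["anydesk", "msiafterburner", "7zip", "blender", "dashlane", "slack", "vlc", "obs"]

# Constructed allowlist of legitimate domains (use your own in practice).
ALLOWLIST = {"anydesk.com", "videolan.org", "blender.org"}

# Constructed (hostname, final download URL) pairs, as a proxy log or URL sandbox
# might record them. The Dropbox-style URL is a placeholder.
OBSERVATIONS = [
    ("anydesk.com", "https://anydesk.com/download"),
    ("anydeskdownload-app.example", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("anydesks-free.example", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("anyddesk.example", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("vlc-player-setup.example", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("blendr3d.example", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("news.example", "https://news.example/index.html"),
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_hits(hostname: str) -> list:
    """Return the brands that the hostname's leftmost label imitates.

    A brand matches if it appears verbatim in the label, or (for brands of at
    least five characters) if some window of the label is within one edit of
    it. Short brands such as "vlc" or "obs" must appear verbatim, because a
    one-edit match on three letters would fire on ordinary words.
    """
    label = hostname.lower().split(".")[0]
    compact = label.replace("-", "").replace("_", "")
    hits = []
    for brand in BRANDS:
        if brand in compact:
            hits.append(brand)
            continue
        if len(brand) < 5:
            continue
        found = False
        # Slide windows one character shorter/longer than the brand across the label.
        for width in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(max(1, len(compact) - width + 1)):
                if levenshtein(compact[start:start + width], brand) <= 1:
                    found = True
                    break
            if found:
                break
        if found:
            hits.append(brand)
    return hits


def cluster_by_target(observations):
    """Group hostnames by the download URL they lead to."""
    groups = defaultdict(set)
    for host, url in observations:
        groups[url].add(host)
    return groups


def suspicious_clusters(observations, min_hosts=3):
    """Download targets reached from at least min_hosts distinct lookalike hostnames."""
    flagged = []
    for url, hosts in cluster_by_target(observations).items():
        lookalikes = sorted(h for h in hosts if h not in ALLOWLIST and brand_hits(h))
        if len(lookalikes) >= min_hosts:
            flagged.append((url, lookalikes))
    return flagged


if __name__ == "__main__":
    for url, hosts in suspicious_clusters(OBSERVATIONS):
        print(f"{len(hosts)} lookalike hosts share download target {url}:")
        for h in hosts:
            print("  ", h, "->", ", ".join(brand_hits(h)))
```

The shared-target grouping is the more durable signal of the two: individual typosquat domains are cheap to replace, but as the article notes, every site in this campaign pointed at one hosted file, so a single report to the hosting provider covers the whole cluster. In production the leftmost-label split should be replaced with a public-suffix-aware parser and the allowlist fed from your own inventory.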