Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Vidar Stealer. Show all posts

New Information-Stealing Malware Campaign Targets Online Sellers

Online sellers have become the latest targets of a new information-stealing malware campaign that aims to compromise their sensitive data. Security researchers have discovered a strain of malware called Vidar being deployed in this campaign, with attackers using various methods to distribute the malicious software.

Vidar is a well-known information-stealing malware that has been active since at least 2018. It is designed to collect sensitive data from infected systems, including login credentials, financial information, and other personal details. The malware operates by monitoring the victim's activities and capturing keystrokes, taking screenshots, and even recording audio if necessary.

In this recent campaign, attackers have specifically focused on online sellers, recognizing the potential financial gain from stealing their login credentials and gaining unauthorized access to their e-commerce platforms. By compromising online seller accounts, attackers can manipulate product listings, redirect payments, and exploit customer data for fraudulent purposes.

The distribution methods employed in this campaign are diverse. They range from phishing emails containing malicious attachments or links to infected websites that host exploit kits. Once the malware is successfully installed on the victim's system, it remains silent and works stealthily in the background, gathering valuable information without the user's knowledge.

To protect against this type of threat, online sellers and individuals should implement robust cybersecurity practices. These include regularly updating operating systems and software to patch known vulnerabilities, employing strong and unique passwords for all online accounts, and being cautious when opening email attachments or clicking on suspicious links.

Furthermore, it is crucial to educate employees and individuals about the risks of phishing attacks and social engineering techniques commonly used by cybercriminals. By raising awareness and promoting a security-conscious mindset, organizations can significantly reduce the likelihood of falling victim to such malware campaigns.

Security solutions, including robust antivirus and anti-malware software, should be installed and kept up to date to detect and mitigate any potential threats. Regular system scans should also be conducted to identify and remove any malicious files or software.

The discovery of this new information-stealing malware campaign serves as a reminder that cybercriminals are continuously evolving their tactics and targeting specific industries for financial gain. Online sellers, in particular, should remain vigilant and implement strong security measures to safeguard their valuable data and protect their customers from fraud and identity theft.


Introducing Stealc, a New Infostealer

Stealc, a new data stealer that has emerged on the dark web, is gaining popularity largely to heavy marketing of its theft capability and resemblances to related viruses like Vidar, Raccoon, Mars, and Redline.

Researchers at SEKOIA.IO in January 2023 came upon a brand-new information thief called Stealc that was marketed in dark web forums. The info-stealer was created by a threat actor going by the handle Plymouth, who claims it supports a broad range of stealing abilities.

Stealc has been promoted on hacker forums by a user going by the handle "Plymouth," who described the malware as having strong data-stealing abilities and a simple administrative interface.Plymouth released multiple iterations of Stealc and shared changelogs on various message boards and a dedicated Telegram channel.

Several Stealc samples were discovered in the wild in February by specialists; these samples resembled raccoons and vidars. More than 40 Stealc C2 servers were found by SEKOIA, indicating the malware's rising ubiquity among cybercriminals that distribute stealers. Considering users who have access to the administration panel can create fresh stealer samples, which raises the likelihood that the virus will spread to more people, this popularity may be explained.

Stealc's functionality

Stealc is capable of stealing private information from widely used online browsers, desktop cryptocurrency wallets, browser extensions for cryptocurrency wallets, and other software including email and instant messaging clients. Stealc implements a programmable data gathering setup and supports a programmable file grabber, in contrast to existing stealers.

Stealc gathers information from the victim's browser, extensions, and programs. If the grabber rules are activated, it also captures files that fit those rules. The malware then deletes both itself and the downloaded DLL files from the infected system after data have been sent to the C2.

The malware is spread by attackers via YouTube videos. Together with links to a download site, the videos offer instructions on how to set up cracked software. This website is used to deceive the victims into downloading malware-filled software. With the use of YARA and Suricata rules, SEKOIA published signals of compromise (IoCs) for such a threat.






Italian Users Warned of New Info-Stealer Malware Campaign


The Uptycs Threat research team has revealed a new malware campaign, targeting Italy with phishing attacks in order to deploy information-stealing malware on victims’ compromised Windows systems. 

According to Uptycs security researcher Karthickkumar Kathiresan, the malware campaign is designed to acquire sensitive information like system details, cryptocurrency wallet information, browser histories, cookies, and login credentials of crypto wallets. 

Details of the Campaign 

  • The multiple-stage infection sequence begins with an invoice-themed phishing email that comprises a link that downloads a password-protected ZIP archive file containing two files: A shortcut (.LNK) file and a batch (.BAT) file. 
  • Irrespective of what file has been deployed, the attack chain remains the same, fetching a batch script that installs an information-stealing payload from a GitHub repository. This is achieved by utilizing a legitimate PowerShell binary that as well is retrieved from GitHub. 
  • After being installed, the C#-based malware gathers system metadata and information from a variety of web browsers and cryptocurrency wallets, and then it transfers that data to a domain that is under the authority of an actor. 

Info-stealers You Should Beware of

Vidar stealer: It resurfaced with certain sophisticated tactics in order to exploit popular social media platforms such as Telegram, Mastodon, TikTok, and Steam. Back in December 2022, numerous information stealers were discovered targeting the PyPI repository. It was discovered that 16 packages, each of which had been downloaded more than 100 times, were being used to distribute ten different stealer variants. 

In today’s world of cybercrime, which is constantly evolving, one of the most severe forms of malware that one must beware of is the info-stealer. This covert digital burglar may sneak into your devices and networks to steal sensitive information, consequently rendering you vulnerable to identity theft, financial fraud, or more devastating repercussions. 

In order to protect oneself from malware attacks like info-stealer, it is advised by Uptycs to update passwords regularly and employ robust security controls with multi-layered visibility and security solutions.  

This Malware is Spreading Via Fake Cracks

 

An updated sample of the CopperStealer malware has been detected, infecting devices via websites providing fraudulent cracks for applications and other software.

Cyber attackers employ these bogus apps to perform a range of assaults. The hackers in this assault operation took advantage of the desire for cracks by releasing a phoney cracked programme that actually contained malware. 

The infection starts with a website or Telegram channel offering/presenting false cracks for downloading and installing the needed cracks. The downloaded archive files include a password-protected text file and another encrypted archive. 

The decrypted archive displays the executable files when the password specified in the text file is typed. There are two files in this sample: CopperStealer and VidarStealer. 

What are the impacts of Copper Stealer and Vidar Stealer on the systems? 

CopperStealer and Vidar stealer can cause many system infections, major privacy problems, financial losses, and identity theft. 
  • CopperStealer: The primary function of CopperStealer is to steal stored login information - usernames and passwords - as well as internet cookies from certain browsers. Mostly focuses on the login details for business-oriented Facebook and Instagram accounts. CopperStealer variants also seek login credentials for platforms and services such as Twitter, Tumblr, Apple, Amazon, Bing, and Apple. The malware can steal Facebook-related credentials from browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, and Yandex.
  • Vidar stealer: The most common ways for this malware to propagate are through pirated software and targeted phishing efforts. Vidar stealer is capable of stealing credit cards, usernames, passwords, data, and screenshots of the user's desktop. The malware steals data from a range of browsers and other system apps. It can also steal cryptocurrency wallets such as Bitcoin and Ethereum. 
Safety first

Attackers can utilise data stealers like CopperStealer to steal sensitive information for more illegal reasons. Users can stay secure by taking the following precautions: 
  • Downloading cracks from third-party websites should be avoided. 
  • Keep the systems up to date with the newest patches. 
  • It is highly advised that security detection and prevention technologies be enabled to safeguard systems from attacks.