The cybercriminals who operate the Vidar malware have made some troubling changes to their creation.
It is a substantial evolution of the back-end, with some specific solutions to make it more difficult to detect the malicious agent. According to security experts, these changes are the result of the disclosure of Vidar’s modus operandi, with cybercriminals having therefore had to adapt their strategy to the new scenario.
Vidar is an info-stealer that has been active since late 2018. It is a fork of another malicious agent, known as Arkei, and is sold under the malware-as-a-service model at prices ranging from 130 to 750 dollars.
Vidar is spread, in most cases, through phishing campaigns and pirated software. Despite this, in recent months Google Ads have also been identified that contributed to the distribution of this fearsome info-stealer.
Vidar malware is much harder to detect today than it used to be
The malware in question is equipped with a wide range of functionalities and, once running, shows a predilection for collecting sensitive data from the victims’ computers.
To manage the malicious agent, the cybercriminals use a legitimate website and a host located in Russia. The malware and its activities are then directed through a system that also exploits a Virtual Private Network.
According to the experts of Team Cymru, the evolution of Vidar appears somewhat disturbing: “Using the VPN infrastructure, which at least in part was also used by numerous other unaware users, it is evident that Vidar threat actors could take steps to anonymize their management activities by hiding in the undergrowth of the Internet.”
The intense activity of the cybercriminals demonstrates how modern malware is not a “static” danger and how it tends to adapt to the context in which it operates.