January 17, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

Cybercriminals double up using Vidar and GandCrab in single attacks

2 min read

Original post from SC Magazine

At least one threat actor is using a combination of the info stealer Vidar and GandCrab ransomware to put a double whammy on their victims.

Jerome Segura, head of investigations at Malwarebytes Labs, has tracked the campaign, which uses the Fallout and GrandSoft exploit kits to first install Vidar and then a secondary payload containing GandCrab.

The first step has the attackers using a rogue advertising domain to redirect victims to one of the two EKs, depending upon their location, with Fallout being the primary EK used. The next step is to install Vidar, which can be found for sale at around $700. Segura described Vidar as extremely flexible capable of stealing a wide range of content including a large number of digital wallets browser histories and instant messages. In each case, the user sets the parameters for what the malware will remove from the target.

All of the info is stored in a .zip folder and sent to the command and control server and this sets the stage for the second payload which starts within about one minute of the initial download.

“Vidar also offers to download additional malware via its command and control server. This is known as the loader feature, and again, it can be configured within Vidar’s administration panel by adding a direct URL to the payload,” Segura said.
Once installed GandCrab will encrypt the device’s files and replace the computer’s wallpaper with the ransom note.

Once installed GandCrab will encrypt the device’s files and replace the computer’s wallpaper with the ransom note.

Time flies not only when one is having fun, but when one’s organization is covering what is arguably the most important news topic in the world today. Cybersecurity.

The post Cybercriminals double up using Vidar and GandCrab in single attacks appeared first on SC Media.


Go to Source
Author: Doug Olenick

Copyright © All rights reserved. | Newsphere by AF themes.