A major impersonation campaign is aiming to distribute the Vidar infostealer to as many endpoints as possible.
A cybersecurity researcher from SEKOIA, posting under the handle crep1x, identified the campaign and raised the alarm on Twitter. In a short Twitter thread, the researcher said he had found more than 1,300 domains, all of which impersonate major software brands to push the malware.
The brands impersonated in this campaign include AnyDesk, MSI Afterburner, 7-Zip, Blender, Dashlane, Slack, VLC, OBS, and cryptocurrency trading apps, to name a few. All of these impersonated brands lead to the same website, a clone of AnyDesk.
Stealing passwords and cryptocurrency
For the uninitiated, AnyDesk is a remote desktop application that gives users remote access to personal computers, allows them to transfer files, and can be used as a VPN.
Victims who navigate to these websites and try to download the application are redirected to a Dropbox folder hosting the Vidar infostealer. A variant of the Arkei infostealer, Vidar is capable of stealing credit cards, login credentials and files, and of capturing screenshots. It can also steal cryptocurrencies, such as bitcoin or ether, from the victim's hot wallets (software wallets).
According to BleepingComputer, which reported on crep1x's findings earlier this week, the campaign is still live and many of the typosquatted domains are still active. Some have been shut down in the meantime. Dropbox was also notified that its services were being abused to distribute malware and has since killed the link.
However, given that all of the malicious pages point to the same domain, the threat actors can persist simply by updating the download URL.
The best way to protect against such attacks is to be extra careful when downloading software and to make sure applications are only obtained from verified sources. That being said, navigating directly to the AnyDesk website (as opposed to clicking a supposed AnyDesk link in an email or a social media post) is a good place to start.
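As an added, defender-side illustration (not code from the article, SEKOIA or crep1x): a small Python script that scans constructed proxy log lines and flags hosts carrying one of the impersonated brand names without being that brand's legitimate domain, plus installer downloads served from Dropbox, the hosting the article describes. The brand-to-legitimate-domain allowlist and the Dropbox domain names are my assumptions.

```python
import re
from urllib.parse import urlparse
# Brands the article names as impersonated -> (label pattern, legitimate domain); allowlist assumed.
BRANDS = {
    "AnyDesk":    (r"any-?desk",   "anydesk.com"),
    "7-Zip":      (r"7-?zip",      "7-zip.org"),
    "VLC":        (r"vlc",         "videolan.org"),
    "OBS Studio": (r"obs-?studio", "obsproject.com"),
}
# The article reports the payload hosted on Dropbox; Dropbox domains assumed.
FILE_SHARING = {"dropbox.com", "dropboxusercontent.com"}
PAYLOAD_EXT = re.compile(r"\.(exe|msi|zip|rar|7z)$", re.I)
def registered_domain(host):
    # naive eTLD+1 (last two labels); enough for the constructed sample
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_brand(host):
    """Brand whose token sits in the domain label of a host that is not its legitimate domain."""
    reg = registered_domain(host)
    label = reg.split(".")[0]
    for brand, (pat, legit) in BRANDS.items():
        if reg == legit:
            continue
        # token at label start or end, or bounded by separators/digits
        if re.search(rf"^{pat}|{pat}$|[-_0-9]{pat}[-_0-9]", label):
            return brand
    return None

def scan_proxy_log(lines):
    """Return [(line_no, reason)] for lines shaped <time> <client> <method> <url> <status>."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 5:
            continue
        u = urlparse(fields[3])
        host = u.hostname or ""
        brand = lookalike_brand(host)
        if brand:
            findings.append((n, f"lookalike of {brand}: {host}"))
        elif registered_domain(host) in FILE_SHARING and PAYLOAD_EXT.search(u.path):
            findings.append((n, f"installer from file-sharing host: {host}{u.path}"))
    return findings
# Constructed sample proxy log, not taken from the article.
SAMPLE_LOG = """\
2023-01-11T10:02:11Z 10.0.0.5 GET https://anydesk-install.example/download 302
2023-01-11T10:02:12Z 10.0.0.5 GET https://dl.dropboxusercontent.com/s/abc123/AnyDesk.exe 200
2023-01-11T10:06:02Z 10.0.0.9 GET https://www.7-zip.org/a/7z2201-x64.exe 200
2023-01-11T10:07:15Z 10.0.0.9 GET https://vlc-media-player.example/get 200
""".splitlines()
```

The lookalike check is deliberately narrow (brand token at a label boundary), so it misses glued-together variants; a production rule would pair it with a proper public-suffix list and a curated allowlist.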
Via: BleepingComputer