Hundreds of fake AnyDesk sites are powering Vidar info-stealing malware

A major phishing campaign aims to spread the Vidar information stealer to as many endpoints as possible.

A SEKOIA cybersecurity researcher who goes by the name crep1x discovered the campaign and raised the alarm on Twitter. In a brief Twitter thread, the researcher said he had discovered more than XNUMX domains, all posing as major software brands to push malware.

Brands impersonated in this campaign include AnyDesk, MSI Afterburner, 7-Zip, Blender, Dashlane, Slack, VLC, OBS, and cryptocurrency trading apps, to name a few. Every one of these copycat domains leads to the same site, an AnyDesk clone.

Theft of access codes and cryptocurrencies

For the uninitiated, AnyDesk is a remote desktop application that gives users remote access to personal computers, lets them transfer files, and can act as a VPN.

Victims who browse these sites and attempt to download the app are redirected to a Dropbox folder that hosts the Vidar data stealer. A variant of the Arkei information stealer, Vidar is capable of stealing credit cards, login credentials, files, and screenshots. It is also capable of stealing cryptocurrencies, such as bitcoin or ether, from the victim's active wallets (software wallets).

According to BleepingComputer, which reported on crep1x's discoveries earlier this week, the campaign is ongoing and many of the typosquatted domains are still active. Some have been taken down since then. Dropbox has also been made aware of the misuse of its services to deliver malware and has since removed the link.

However, since every malicious site points to the same location, the threat actors can easily keep the campaign going simply by updating the download URL.

The best way to guard against such attacks is to be very careful when downloading software and to ensure that applications are only obtained from verified sources. Going directly to the AnyDesk site (rather than clicking on a supposed AnyDesk link in an email or social media post) is a good place to start.
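Because the download URL can be swapped at any time, a check keyed to the lookalike hostnames themselves holds up better than blocking a single link. The sketch below is an added example, not code from SEKOIA or BleepingComputer: it classifies hostnames from web-proxy logs against a small allowlist of vendor domains for some of the brands named above. The allowlist, the function names, and the log lines are assumptions constructed for illustration.

```python
# Added example: flag web-proxy hits on lookalike hosts for brands named in the article.
# OFFICIAL is an assumed allowlist; confirm each vendor domain before relying on it.
OFFICIAL = {"anydesk": "anydesk.com", "blender": "blender.org",
            "dashlane": "dashlane.com", "slack": "slack.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    # Naive registrable domain (last two labels); a public-suffix list is more exact.
    if ".".join(host.split(".")[-2:]) in OFFICIAL.values():
        return "official"
    squashed = host.replace("-", "")
    tokens = host.replace(".", "-").split("-")
    for brand in OFFICIAL:
        if brand in squashed:  # brand name embedded in a foreign domain
            return "lookalike"
        # One-character typos, only for longer names to limit false positives.
        if len(brand) >= 7 and any(edit_distance(t, brand) <= 1 for t in tokens):
            return "lookalike"
    return "unrelated"

def flag_lookalikes(log_lines):
    """Return (client, host) for each log line whose host imitates a brand."""
    hits = []
    for line in log_lines:
        _ts, client, host, _path = line.split()
        if classify(host) == "lookalike":
            hits.append((client, host))
    return hits

# Constructed proxy log lines: timestamp, client, host, path.
SAMPLE_LOG = [
    "2023-01-10T09:00:01Z 10.0.0.5 anydesk.com /downloads",
    "2023-01-10T09:02:13Z 10.0.0.7 anydask-app.example /",
    "2023-01-10T09:03:40Z 10.0.0.8 blender.org.get-files.test /download",
    "2023-01-10T09:05:02Z 10.0.0.9 intranet.example /wiki",
]

if __name__ == "__main__":
    for client, host in flag_lookalikes(SAMPLE_LOG):
        print(f"review: {client} requested {host}")
```

Short brand names such as Slack are matched only as embedded substrings here, since one-character fuzzy matching on five-letter words produces too many false positives.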

Via: BleepingComputer