
Vidar virus spreads as fake updates for Windows 11

Cybercriminals are distributing the Vidar infostealer disguised as Windows 11 updates. The lures are offered on fake Microsoft portals as ISO files, and it is inside these malicious ISOs that the Vidar payload is hidden.

The warning comes from Zscaler's ThreatLabz team, which discovered several newly registered domains while monitoring suspicious traffic in the Zscaler cloud. The fake sites are built to distribute ISO files that end in a Vidar infostealer infection.

Telegram and Mastodon

Vidar retrieves its command-and-control (C2) configuration from attacker-controlled profiles on the Telegram and Mastodon social networks: the malware reads the address of the real C2 server from a profile page rather than carrying it in the binary, so the operators can move C2 without redeploying the malware. Zscaler believes the same attacker is actively using social engineering to impersonate popular legitimate applications in order to redistribute Vidar. A GitHub repository has also been found hosting several backdoored versions of Adobe Photoshop; these binaries deliver Vidar and use the same abuse of social media channels to locate their C2.
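The dead-drop technique described above, as an added example that is not part of the article or of Zscaler's analysis: a resolver walks a list of social-media profile pages, extracts a host and port from a marker hidden in the profile text, and falls back to the next profile when one yields nothing. The sample pages, the `c2:<host>:<port>` marker format and the profile URLs are constructed for this example and are not Vidar's real format, which the article does not describe. The same parser, run by a defender over the same profile list, turns the dead drops into indicators to block or watch.

```python
import re
from html import unescape

# Constructed sample profile pages standing in for attacker-controlled accounts.
# The markup and the "c2:<host>:<port>" marker are assumptions made for this
# example; the article does not describe Vidar's actual marker or parsing.
SAMPLE_PROFILES = {
    "https://t.me/constructed_channel": """
        <meta property="og:description" content="Daily tips | c2:203.0.113.45:8080 |">
    """,
    "https://mastodon.example/@constructed_user": """
        <div class="account__header__bio"><p>hello world c2:198.51.100.7:443</p></div>
    """,
    "https://mastodon.example/@profile_without_marker": """
        <div class="account__header__bio"><p>nothing here</p></div>
    """,
}

# Hypothetical marker: "c2:" followed by a hostname or IPv4 address and a port.
MARKER = re.compile(r"c2:([A-Za-z0-9.\-]+):(\d{1,5})")


def parse_dead_drop(html):
    """Return (host, port) embedded in a profile page, or None if absent/invalid."""
    match = MARKER.search(unescape(html))
    if not match:
        return None
    host, port = match.group(1), int(match.group(2))
    if not 1 <= port <= 65535:
        return None
    return host, port


def resolve_c2(profiles, fetch):
    """Malware side: try each dead-drop profile in order, return the first C2 found.

    A profile that cannot be fetched or carries no marker is skipped, which is
    what gives the technique its resilience against takedown of a single account.
    """
    for url in profiles:
        try:
            body = fetch(url)
        except (OSError, KeyError):
            continue
        config = parse_dead_drop(body)
        if config:
            return url, config
    return None


def extract_iocs(profiles, fetch):
    """Defender side: walk the same profile list and collect every C2 endpoint."""
    iocs = []
    for url in profiles:
        try:
            config = parse_dead_drop(fetch(url))
        except (OSError, KeyError):
            continue
        if config:
            iocs.append({"dead_drop": url, "host": config[0], "port": config[1]})
    return iocs


def fetch_offline(url):
    """Stand-in for an HTTP fetch so the example runs without network access."""
    return SAMPLE_PROFILES[url]


if __name__ == "__main__":
    profile_list = list(SAMPLE_PROFILES)
    print("resolved:", resolve_c2(profile_list, fetch_offline))
    for ioc in extract_iocs(profile_list, fetch_offline):
        print("ioc:", ioc)
```

The point for a defender is that the profile page, not the malware, is the rotating part: a sample only ever discloses the dead-drop URLs, so those accounts need to be re-fetched periodically to keep the C2 host list current, and a host that resolves a social-media profile and then immediately opens a connection to an unrelated external host:port is a behaviour worth hunting for.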

The Zscaler ThreatLabz team advises users to be careful and to download software only from the vendors' official websites.

Together with the Dutch IT channel.

