Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software

January 16, 2023

A “substantial and resilient infrastructure” comprising over 250 domains has been used to distribute information-stealing malware such as Raccoon and Vidar since early 2020.

The infection chain “takes advantage of about a hundred phony cracked application catalogue websites that redirect to numerous links before downloading the payload hosted on file share platforms, such as GitHub,” cybersecurity firm SEKOIA said in an analysis published earlier this month.

The French cybersecurity company assessed the domains to be operated by a threat actor running a traffic direction system (TDS), which allows other cybercriminals to rent the service to distribute their malware.

The attacks target users searching for cracked versions of software and games on search engines like Google, surfacing fraudulent websites at the top of the results by leveraging a technique called search engine optimization (SEO) poisoning to lure victims into downloading and executing the malicious payloads.

The poisoned result comes with a download link to the promised software that, upon clicking, triggers a five-stage URL redirection sequence to take the user to a web page displaying a shortened link, which points to a password-protected RAR archive file hosted on GitHub, along with its password.

“Applying various redirections complicates automated evaluation by security options,” the researchers said. “Carving the infrastructure as such is just about absolutely built to ensure resilience, making it simpler and faster to update or transform a move.”
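The delivery sequence described above (a multi-hop redirect chain, a landing page, then an archive fetched from a file-share host) can be hunted for in web proxy logs. The following is an added example, not code from SEKOIA or the original article; the record layout, host list, thresholds and sample records are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; tune both to your environment.
FILE_SHARE_HOSTS = {"github.com", "raw.githubusercontent.com"}
ARCHIVE_EXTS = (".rar", ".zip", ".7z")

def is_archive_on_file_share(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host in FILE_SHARE_HOSTS and parts.path.lower().endswith(ARCHIVE_EXTS)

def find_suspicious_downloads(events, min_hops=5, window=300):
    """events: (epoch_seconds, client, url, status, location) proxy records.
    Returns (client, archive_url, hops) for each archive fetched from a
    file-share host within `window` seconds of landing from a redirect
    chain of at least `min_hops` hops."""
    findings, state = [], {}
    for ts, client, url, status, location in sorted(events, key=lambda e: e[0]):
        s = state.setdefault(client, {"expect": None, "hops": 0, "landed": None})
        if 300 <= status < 400 and location:
            # Extend the chain only if this request is where the last hop pointed.
            s["hops"] = s["hops"] + 1 if url == s["expect"] else 1
            s["expect"] = location
            continue
        if url == s["expect"] and s["hops"] >= min_hops:
            s["landed"] = (ts, s["hops"])  # landing page after a long chain
        s["expect"], s["hops"] = None, 0
        if is_archive_on_file_share(url) and s["landed"] and ts - s["landed"][0] <= window:
            findings.append((client, url, s["landed"][1]))
    return findings

# Constructed sample records (reserved .example domains, placeholder repo paths).
RAR_URL = "https://github.com/user-placeholder/repo-placeholder/raw/main/setup.rar"
ZIP_URL = "https://github.com/org-placeholder/tool-placeholder/archive/main.zip"
HOPS = ["https://cracks.example/download?id=1", "https://r1.example/a", "https://r2.example/b",
        "https://r3.example/c", "https://r4.example/d", "https://landing.example/get"]
SAMPLE_EVENTS = [(1000 + i, "10.0.0.5", HOPS[i], 302, HOPS[i + 1]) for i in range(5)] + [
    (1005, "10.0.0.5", HOPS[5], 200, None),             # page showing the short link
    (1020, "10.0.0.5", "https://short.example/xYz", 301, RAR_URL),
    (1021, "10.0.0.5", RAR_URL, 200, None),             # archive download, flagged
    (1030, "10.0.0.9", "https://docs.example/tool", 302, ZIP_URL),
    (1031, "10.0.0.9", ZIP_URL, 200, None),             # single hop, not flagged
]

if __name__ == "__main__":
    for client, url, hops in find_suspicious_downloads(SAMPLE_EVENTS):
        print(f"{client}: archive {url} after {hops}-hop redirect chain")
```

Because the archive is password-protected, content scanning at the gateway cannot inspect it, which is why this sketch keys on the request sequence instead of the payload.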

Should the victim uncompress the RAR archive and run the purported setup executable contained within it, either of the two malware families, Raccoon or Vidar, is installed on the system.

The development comes as Cyble detailed a rogue Google Ads campaign that employs widely used software such as AnyDesk, Bluestacks, Notepad++, and Zoom as lures to deliver a feature-rich stealer known as Rhadamanthys Stealer.

An alternate variant of the attack chain has been observed taking advantage of phishing emails masquerading as bank statements to dupe unwitting users into clicking on fraudulent links.

Fabricated websites impersonating the popular remote desktop solution have also been put to use in the past to propagate a Python-based information stealer dubbed Mitsu Stealer.

Both pieces of malware are equipped to siphon a wide range of personal information from compromised machines, harvest credentials from web browsers, and steal data from various cryptocurrency wallets.

Users are advised to refrain from downloading pirated software and to enforce multi-factor authentication wherever possible to harden accounts.

“It is essential for customers to exercise caution when receiving spam e-mails or visiting phishing sites and to validate the source before downloading any applications,” the researchers said.

Some parts of this article are sourced from:
thehackernews.com
