vidar

Vidar Exploiting Social Media Platform (Mastodon)

The ASEC analysis team has recently discovered that Vidar is exploiting a social media platform named Mastodon to create C&C server addresses. Vidar is an info-stealer malware installed through spam emails and PUPs, sometimes disguised as a KMSAuto activation tool. It has been distributed continuously for a long time, and there was a recent case of it being installed through other malware such as Stop ransomware. When Vidar is run, it first accesses the C&C server to receive…

Vidar Info-Stealer Abusing Game Platform

The ASEC analysis team has recently found out that the Vidar info-stealer malware is abusing a game matchmaking platform named Faceit to create C&C server URLs. Vidar is malware that has long been distributed via spam mail and PUPs, and disguised as a KMSAuto activation tool. Before it performs info-stealing activities, it connects to the C&C server to receive commands and download additional DLL files used to collect user information. In the past, the malware simply connected to the C&C server and received…

Info-leaking Malware Distributed Through Google Keyword Search

The ASEC analysis team has previously dealt with BeamWinHTTP malware being distributed through adware and PUP programs. When users install cracks and keygens by downloading installers from a phishing page, various PUP programs and the BeamWinHTTP malware are installed together. BeamWinHTTP additionally installs info-leaking malware (info-stealers). When users search with keywords such as program names, ‘crack,’ and ‘keygen’ in a search engine like Google, they may come across websites with fake shortened URLs. In the example below, the short URL is…