Many users could now be a victim of a two-fold cyber attack, one that combines the malicious abilities of Vidar with Gandcrab. This latest malvertising attack is designed to steal private and confidential data and then encrypt the victim system. After that, all that a victim sees is a ransom note, which flashes on the system, asking for the booty to be paid in Bitcoin or Dash.
What does Vidar do?
No, Vidar is not ‘The Silent One’ from Ragnarok, but an aptly named malware which the threat actors use to steal a victim’s confidential data. Vidar is a sly malware, designed to steal data from the browser, it doesn’t matter which one you are using, even the Tor browser can be vulnerable.
After stealing the victims data, the operators attempt to steal money or cryptocurrency, then Gandcrab will take over. A victim is left without much evidence and only with the direction to pay more to retrieve the already compromised data on their systems.
The Attack
Those who are into online audio and video streaming, using torrents are at a higher risk of being attacked by Vidar, followed by Gandcrab. The threat actors use C2 servers and rogue domains to do the job. Then, the malware is dropped into the victim’s system through a rogue ad domain. With that, they infect the system with Vidar and a victims personal information is consequently compromised. If one presumed that crypto wallets were safe, think again. Vidar is capable of extracting the same and looting a victims virtual coins and tokens. Vidar can also extract any victim credit card info, 2-way authentication codes screenshots etc…
The final nail in the coffin is where Gandcrab is deployed on the victim machine, thus encrypting all data.
Do let us know in the comments if you have any first hand experience of this malware