[MART] - Daily Diary #478 - New Vidar Campaign Abusing Windows CHM Files
ctas-mat at appgate.com
Fri Mar 25 21:19:39 UTC 2022
I hope everyone is doing well!
Below is the entry for today.
03/25/2022 - Diary entry #478
Vidar is an information stealer compiled in C++. It's believed to be a fork of Arkei, an older information stealer active in 2018. Among Vidar's capabilities, we can highlight exfiltrating system information and data from browsers and installed applications. Vidar is modular: once running on a system, it contacts the C2 server and downloads settings, dependencies and additional malware (if needed). All the exfiltrated information is sent back to the C2 operator. After the attack is done, Vidar can also delete its files in an attempt to cover its tracks.
This incident shows how careful we need to be with e-mail attachments and the file formats they use. Threat actors will attempt creative ways to use different file formats that are less likely to be analysed or detected by common security solutions, in order to embed malicious scripts and obfuscate their attacks.
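As an added example (not part of this diary entry or of any Appgate tooling), here is a defensive check in the spirit of the point above: inspect e-mail attachments by their CHM file signature rather than trusting the declared extension, so a CHM file renamed to look like a PDF is still flagged. The e-mail and its attachments are constructed for the example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Microsoft Compiled HTML Help (CHM) files begin with the "ITSF" signature.
CHM_MAGIC = b"ITSF"
# Extensions to flag even when the content does not carry the signature
# (assumption: a local mail-filter policy list, not from the diary).
FLAGGED_EXTENSIONS = {".chm"}


def attachment_findings(raw_message: bytes):
    """Return (filename, reason) for every attachment that is CHM by signature
    or by extension. Signature wins over extension so renamed files are caught."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if payload.startswith(CHM_MAGIC):
            findings.append((name, "chm-signature"))
        elif ext in FLAGGED_EXTENSIONS:
            findings.append((name, "chm-extension"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample e-mail: a fake CHM body renamed to .pdf, a harmless
    text file, and a text file with a .chm name (none are real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached document.")
    # constructed stand-in for a CHM file: ITSF signature plus filler bytes
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16
    msg.add_attachment(fake_chm, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment("not really a help file", filename="readme.chm")
    return bytes(msg)


if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample_message()):
        print(f"{name}: {reason}")
```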