Social platforms manipulated by Vidar Stealer to bypass defences

January 18, 2023
Tags: Social Media, Vidar Stealer, Infostealer, Malware, Detection Bypass, Steam, TikTok, Mastodon, Telegram

Another information-stealing malware, dubbed Vidar Stealer, has emerged, equipped with the capability to abuse social media platforms as intermediaries for its command-and-control server.

This newly emerged infostealer follows the malware distribution methodology recently observed from the BitRAT operators.

According to researchers, the Vidar Stealer operators are continually creating disposable accounts on multiple platforms such as Steam, TikTok, Mastodon, and Telegram. The threat actors create a new profile on each of these platforms and write several identifying marker characters, together with the command-and-control address, on the profile page.

One advantage this tactic gives the attackers is that traffic to these legitimate platforms is very hard for security solutions to identify and block, particularly for low-quality defences.

If its C2 server is taken down or blocked, the attacker can simply set up a new server and edit the account pages. This strategy also allows previously launched malware to keep communicating with the new server.

The Vidar Stealer operators have abused social media platforms to execute attacks.

Some researchers also discovered that the Vidar Stealer operators allegedly own an account on the Ultimate Guitar platform, which is still operational.

Upon execution, the malware decrypts several of its strings, and the string-handling routines are called with multiple junk arguments; the actors likely use these garbage arguments to obscure which functions modify strings.

Furthermore, the malware checks whether it is running inside the Windows Defender emulator; if it is, it disrupts its own execution and shuts down.

Other researchers noticed that the malware connects to the threat actor’s account page, whose address is hard coded in the binary, to download the command-and-control address. The most recent strain they have collected of this malware is variant v56.1, which is distributed compressed in a ZIP archive.
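A detection heuristic for the behaviour described above (a fetch of a profile page on one of the named platforms, followed shortly by a connection from the same host to a bare IP address), added here as an example that is not part of the original article; the proxy log format, hostnames and addresses are constructed for illustration:

```python
import re
from datetime import datetime, timedelta

# Constructed sample proxy log (not from the article): "timestamp host method url".
SAMPLE_LOG = """\
2023-01-18T10:00:01 ws-07 GET https://steamcommunity.com/profiles/76561199000000001
2023-01-18T10:00:03 ws-07 CONNECT 203.0.113.45:80
2023-01-18T10:05:00 ws-12 GET https://www.tiktok.com/@someuser
2023-01-18T10:30:00 ws-12 GET https://example.org/news
2023-01-18T11:00:00 ws-03 GET https://t.me/someuser
2023-01-18T11:00:02 ws-03 GET http://198.51.100.7/
"""

# Profile-page URL patterns for the platforms the article names (assumed path layouts).
PROFILE_PAGE = re.compile(
    r"https?://(?:[\w.-]*\.)?(?:steamcommunity\.com/(?:profiles|id)/|"
    r"tiktok\.com/@|mastodon\.[\w.]+/@|t\.me/)",
    re.IGNORECASE,
)
# A URL whose host is a bare IPv4 literal, as a dead-dropped C2 address typically is.
BARE_IP_URL = re.compile(r"^(?:https?://)?(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(?:/|$)")


def parse(line):
    """Split one log line into (timestamp, host, url); the method is not needed."""
    ts, host, _method, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, url


def find_dead_drop_sequences(log_text, window_seconds=300):
    """Return (host, profile_url, ip) for each profile fetch followed, within the
    window, by a connection from the same host to a bare IP address."""
    last_profile = {}  # host -> (timestamp, profile url) of the most recent fetch
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, url = parse(line)
        if PROFILE_PAGE.search(url):
            last_profile[host] = (ts, url)
            continue
        m = BARE_IP_URL.match(url)
        if m and host in last_profile:
            prev_ts, profile_url = last_profile[host]
            if ts - prev_ts <= timedelta(seconds=window_seconds):
                hits.append((host, profile_url, m.group(1)))
    return hits
```

Hits should be triaged rather than blocked outright, since ordinary browsing of these platforms followed by a connection to a raw IP (for example a CDN node) will occasionally match.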

Abusing well-known social media platforms in this way allows malware such as Vidar Stealer to persist on its targets for extended periods. Cybersecurity experts note that this distribution strategy is only one of many, since the actors constantly develop new and creative methods to compromise targeted individuals.
