To Avoid Detection, Vidar Stealer Operators Use Social Media Platforms

 

Several days ago, the commercially available off-the-shelf malware BitRat was observed being spread through a newly discovered distribution method. Now, a new information-stealing malware called Vidar Stealer has been discovered. This malware uses advanced techniques to exploit popular social media platforms as an intermediary server to send valuable information to the attacker.
Using Social Media Platforms as a Means of Hiding 
Researchers from AhnLab have discovered that Vidar Stealer is constantly creating throwaway accounts on popular social media platforms, such as TikTok, Telegram, Steam, and Mastodon.  
  • To carry out attacks, the attackers create their own social media profiles and add identifying characters, along with their C2 address, to the profile.
  • Such traffic is very challenging to detect and block using trivial security strategies, which is an advantage for the attackers.
  • If the C2 server becomes unavailable or is blocked, attackers can set up a new server and edit the account pages to reference this newly created server. Through this mechanism, previously distributed malware can still communicate with the server.
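
An added detection example for the pattern described above (not from the original article or AhnLab's report): it flags a non-browser process that fetches a page on one of the named platforms and then connects to a bare IP address shortly afterwards. The log format, platform hostnames, browser allow-list and 60-second window are assumptions, and the log lines are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

# Platforms named in the article; the exact hostnames are assumptions.
PLATFORM_DOMAINS = ("tiktok.com", "t.me", "steamcommunity.com", "mastodon.social")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list
WINDOW = timedelta(seconds=60)                          # assumed correlation window

# Constructed proxy/EDR log lines: timestamp host process destination
SAMPLE_LOG = """\
2023-01-10T09:00:01 ws-014 chrome.exe steamcommunity.com
2023-01-10T09:00:05 ws-014 chrome.exe 203.0.113.7
2023-01-10T09:12:30 ws-022 invoice_viewer.exe t.me
2023-01-10T09:12:41 ws-022 invoice_viewer.exe 198.51.100.23
2023-01-10T09:20:00 ws-031 updater.exe mastodon.social
2023-01-10T09:45:00 ws-031 updater.exe 192.0.2.50
"""

def is_platform(dest):
    return any(dest == d or dest.endswith("." + d) for d in PLATFORM_DOMAINS)

def is_ip_literal(dest):
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False

def find_suspect_sequences(log_text):
    """Return (host, process, platform, ip) tuples where a non-browser process
    reads a social media page and then contacts a bare IP within WINDOW."""
    last_lookup = {}  # (host, process) -> (time, platform) of latest page fetch
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest = line.split()
        if proc.lower() in BROWSERS:
            continue  # interactive browsing is expected on these platforms
        when, key = datetime.fromisoformat(ts), (host, proc)
        if is_platform(dest):
            last_lookup[key] = (when, dest)
        elif is_ip_literal(dest) and key in last_lookup:
            seen, platform = last_lookup[key]
            if when - seen <= WINDOW:
                hits.append((host, proc, platform, dest))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sequences(SAMPLE_LOG):
        print("review:", *hit)
```

Because the profile page can be edited to point at a replacement server, alerting on the sequence holds up better than blocking any single C2 address.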

An In-Depth Look

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
