• Hundreds of fake AnyDesk sites push Vidar info-stealing malware

    From TechnologyDaily@1337:1/100 to All on Wed Jan 11 20:30:03 2023
    Hundreds of fake AnyDesk sites push Vidar info-stealing malware

    Date:
    Wed, 11 Jan 2023 20:24:29 +0000

    Description:
    A major campaign was recently discovered, with more than 1,300 fake sites promoting malware.

    FULL STORY ======================================================================

    A major impersonation campaign is aiming to distribute the Vidar infostealer to as many endpoints as possible.

    A cybersecurity researcher from SEKOIA, going by the name crep1x, discovered the campaign and raised the alarm on Twitter. In a short Twitter thread, the researcher said he discovered more than 1,300 domains, all of which impersonate major software brands to push the malware.

    The brands impersonated in this campaign include AnyDesk, MSI Afterburner, 7-ZIP, Blender, Dashlane, Slack, VLC, OBS, and cryptocurrency trading apps,
    to name a few. All of these impersonated brands lead to the same website, a clone of AnyDesk.

    Stealing passwords and cryptocurrency

    For the uninitiated, AnyDesk is a remote desktop application that gives users remote access to personal computers, allows them to transfer files, and can be used as a VPN.

    Victims who navigate to these sites and try to download the application
    are redirected to a Dropbox folder hosting the Vidar infostealer. A variant of the Arkei infostealer, Vidar is capable of stealing credit cards, login credentials, and files, and of grabbing screenshots. It is also capable of
    stealing cryptocurrencies, such as bitcoin or ether, from the victims' hot wallets (software wallets).


    According to BleepingComputer, which reported on crep1x's findings earlier
    this week, the campaign is ongoing and many of the typosquatted domains are still active. Some have been shut down in the meantime. Dropbox was also notified of its services being abused to distribute malware and has killed
    the link.

    However, given that all of the malicious sites point to the same place, the threat actors can persist easily by simply updating the download URL.

    The best way to protect against such attacks is to be extra careful when downloading software and to make sure apps are only obtained from verified sources. That being said, navigating to the AnyDesk website (as opposed to clicking a supposed AnyDesk link in an email or a social media post) is a
    good place to start.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hundreds-of-fake-anydesk-sites-push-vidar-info-stealing-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)