Intrusions have recently been identified involving trojanized versions of the Cisco Webex Meetings application distributed as fake or cracked copies of the software, aiming to deploy the Vidar Stealer Malware. The malicious activity begins with the extraction and running of a “Setup.exe” file in password-protected archives housing the infected application. This action triggers the loading of DLLs that introduce the Hijack Loader malware, ultimately leading to the installation of the Vidar Stealer. The malicious software is designed to steal browser credentials, escalate privileges, and potentially deliver other forms of malware, including cryptocurrency mining tools.
A recent analysis by Trellix highlighted the complexity of the attack, revealing a chain of events that ultimately result in the deployment of the Vidar Stealer. The researchers also noted that the perpetrators behind the campaign have been using various tactics to distribute additional malware, such as cryptocurrency miners, further complicating the threat landscape. This finding is consistent with a report by Proofpoint, which highlighted separate cybercrime campaigns leveraging social engineering tactics to trick users into executing PowerShell scripts. These scripts ultimately lead to the installation of a variety of malware strains, including Lumma Stealer, DarkGate, and NetSupport RAT.
The researchers emphasized the challenge of detecting and mitigating such threats due to the blending of legitimate software with malicious code. In many cases, victims unknowingly execute the malicious code without any clear indication of its true intentions, making it difficult for traditional security measures to detect and prevent such attacks. The use of social engineering techniques adds another layer of complexity to these campaigns, as threat actors exploit human vulnerabilities to bypass security controls and infiltrate targeted systems.
In conclusion, the recent surge in attacks involving trojanized software highlights the evolving tactics of cybercriminals in infiltrating and compromising organizations. The combination of legitimate applications with malicious payloads poses a significant challenge for traditional security solutions, necessitating a more proactive and comprehensive approach to cybersecurity. Organizations are advised to stay vigilant, implement multi-layered security measures, and educate employees on the importance of cybersecurity hygiene to mitigate the risks posed by sophisticated threats like the Vidar Stealer malware.
Article Source
https://www.scmagazine.com/brief/vidar-infostealer-spread-via-trojanized-cisco-webex-app