Vidar is an info stealer that first appeared in late 2018 and is sold as malware-as-a-service. It targets Windows systems, stealing data from browsers, digital wallets and other applications. Vidar can also act as a downloader for other malware, including ransomware, which makes it even more dangerous for compromised systems.
Vidar can collect a large amount of information from infected machines. It harvests browser data such as autofill entries, cookies, browsing history and saved credentials. It also searches for cryptocurrency wallets in order to steal digital assets. In addition, Vidar gathers system information, including IP addresses and details of installed software, giving attackers a full profile of the victim's environment.
Distribution
Vidar is distributed mainly through social engineering. Threat actors send phishing emails with malicious attachments or links, use drive-by downloads from compromised websites, and run deceptive ads for fake software downloads. Vidar has been seen disguised as legitimate applications such as Adobe Photoshop and Microsoft Teams to trick users into running it.
Evolution and Impact
Since its debut, Vidar has evolved and incorporated features from the Arkei malware family. Its versatility and effectiveness have made it popular among cybercriminals, and it is now one of the most common info stealers in the threat landscape. Its ability to act as a downloader makes its impact even worse, allowing it to drop additional malware on compromised systems.
Variants
No known variants of Supershell. The platform is customizable, so users can create their own payloads and functionality, which can result in different implementations.
Mitigation
Implement email filtering to detect and block phishing.
Educate users not to download software from untrusted sources.
Update and patch systems and applications regularly.
Deploy advanced endpoint protection solutions capable of detecting and responding to malware like Vidar.
Targets
Vidar's reach is wide, and infections have been reported across many industries. Healthcare, technology, government, retail, business services and real estate have all been affected. Its broad range of distribution methods means it turns up in many different environments.
Attribution
Vidar is sold as malware-as-a-service, so a variety of cybercriminals can use it. Specific threat actors have nonetheless been linked to its distribution; for example, Scattered Spider has been observed running Vidar campaigns. Because it is available to anyone, however, attributing individual attacks to specific actors is difficult.