vidar-malware

Analysis

The Vidar malware operators have changed their backend infrastructure, rotating IP addresses and using hosting providers in Moldova and Russia to evade detection. They have split the infrastructure into separate parts and added authentication for file downloads. By operating through VPN infrastructure and accessing legitimate websites, the threat actors try to anonymise their activity and blend into normal internet traffic; they have also added Tor relays for further anonymity. These adaptations show the operators' efforts to conceal their operations and make it harder for security teams to track and counter Vidar. Staying informed and implementing robust security measures remain essential to mitigating the risk of such attacks.

Prevention

  • Educate users on Vidar's capabilities and the techniques used to distribute it.
  • Make sure your protection software can identify and block Vidar.
  • Keep your security software updated so that the most recent Vidar versions are detected.
  • Enable automatic updates to receive prompt protection against Vidar.
  • Use strong, unique passwords to reduce the unauthorised access that Vidar targets.
  • Use caution when clicking on links and opening email attachments, which may lead to websites hosting Vidar.
  • Maintain regular data backups to lessen the impact of a possible Vidar infection.
  • Put strong network security measures in place, such as firewalls and intrusion detection systems.
  • Keep up with Vidar's changing techniques and current cybersecurity best practices to improve detection.

Detection

  • Run routine system scans to look for Vidar malware indicators.
  • Look in network traffic for communication with known Vidar-related IP addresses or domains.
  • Analyse system behaviour for unexpected slowdowns, excessive network activity, or unauthorised access attempts.
  • Be aware of indicators of compromise (IOCs) linked to Vidar, such as known file hashes, IP addresses, domains, or behavioural patterns.
  • Use intrusion detection systems (IDS) or intrusion prevention systems (IPS) to find and block Vidar-related activity.
  • Conduct threat hunting by looking for trends or anomalies in system logs, network traffic, and other relevant data.
  • Encourage users to report any unexpected or suspicious activity on their systems or devices.
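The network-traffic and threat-hunting items above come down to matching proxy or DNS logs against indicators. The script below is an added example, not code from the original page: it scans constructed proxy log lines for placeholder Vidar IOCs (the page lists none) and for direct connections to Tor relay addresses, which stand in for a relay list pulled from a threat-intelligence feed.

```python
"""Hunt proxy log lines for Vidar-related network indicators (added example)."""
import re
from dataclasses import dataclass, field

# Placeholder IOCs: substitute current Vidar indicators from threat intel.
VIDAR_IPS = {"203.0.113.45"}
VIDAR_DOMAINS = {"update-check.example"}
# Constructed relay addresses standing in for a real Tor relay feed.
TOR_RELAYS = {"198.51.100.7"}

# Expected field order: timestamp client dest_host dest_ip method path status bytes
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<ip>\S+) "
    r"(?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)

# Constructed sample log lines using RFC 5737 test addresses.
SAMPLE_LOGS = [
    "2023-06-20T10:01:02Z 10.0.0.5 cdn.example.org 192.0.2.10 GET /lib.js 200 4012",
    "2023-06-20T10:01:09Z 10.0.0.5 update-check.example 203.0.113.45 GET /get 200 118000",
    "2023-06-20T10:02:15Z 10.0.0.8 - 198.51.100.7 CONNECT - 200 9200",
    "2023-06-20T10:03:00Z 10.0.0.9 intranet.example.org 10.0.0.1 GET /index.html 200 2100",
]


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    reasons: list = field(default_factory=list)


def scan_line(line: str):
    """Return a Hit listing every matched indicator, or None for clean or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    reasons = []
    if f["ip"] in VIDAR_IPS:
        reasons.append("known Vidar IP")
    if f["host"] in VIDAR_DOMAINS:
        reasons.append("known Vidar domain")
    if f["ip"] in TOR_RELAYS:
        reasons.append("direct connection to Tor relay")
    if not reasons:
        return None
    # CONNECT tunnels carry no hostname, so fall back to the destination IP.
    dst = f["host"] if f["host"] != "-" else f["ip"]
    return Hit(f["ts"], f["src"], dst, reasons)


def hunt(lines):
    """Scan every line and return the hits in log order."""
    return [h for h in map(scan_line, lines) if h is not None]


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOGS):
        print(h.ts, h.src, "->", h.dst, "|", "; ".join(h.reasons))
```

In production the indicator sets would be loaded from a feed and the matcher run over the full proxy or DNS log stream rather than the embedded sample.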

References

https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html
