Cybercriminals are distributing malware disguised as popular software. Users are tricked into downloading password-protected archives containing Trojanized versions of legitimate applications. When the user executes the included “Setup.exe” file, it launches a hidden malware loader that in turn deploys information-stealing malware.
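The lure described above (a password-protected archive whose payload is a `Setup.exe`) can be flagged at the mail gateway or download proxy without ever opening the archive, because ZIP headers record whether each entry is encrypted. The following is an added example written for this page, not code from the article or from any vendor it summarises. It builds a minimal ZIP in memory with the standard library (the "encrypted" flag is set on the headers but no real encryption is performed, which is enough for header-level triage) and then checks for the combination of encrypted entries and executable names; the extension list and the `suspicious` rule are assumptions for illustration.

```python
import io
import struct
import zipfile
import zlib

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry is password-protected
# Assumed list of extensions worth flagging inside a "software" archive
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs")


def build_zip(entries, encrypted=False):
    """Build a minimal stored (uncompressed) ZIP file in memory.

    entries: list of (name, data_bytes). With encrypted=True the headers carry
    the encryption flag but the bytes are written as-is (constructed test data,
    not a real password-protected archive)."""
    flags = ENCRYPTED_FLAG if encrypted else 0
    local, central = io.BytesIO(), io.BytesIO()
    for name, data in entries:
        name_b = name.encode("utf-8")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = local.tell()
        # Local file header: sig, version, flags, method, time, date,
        # crc, compressed size, uncompressed size, name len, extra len
        local.write(struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                                crc, len(data), len(data), len(name_b), 0))
        local.write(name_b)
        local.write(data)
        # Central directory header (46 bytes) pointing back at the local header
        central.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags,
                                  0, 0, 0, crc, len(data), len(data),
                                  len(name_b), 0, 0, 0, 0, 0, offset))
        central.write(name_b)
    cd_offset = local.tell()
    cd_bytes = central.getvalue()
    # End of central directory record
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                       len(cd_bytes), cd_offset, 0)
    return local.getvalue() + cd_bytes + eocd


def triage_archive(blob):
    """Header-level triage: list password-protected entries and executables.

    Only the central directory is parsed, so no password is needed. WinZip AES
    archives also set bit 0 (with compression method 99), so they are caught too."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
    encrypted = [i.filename for i in infos if i.flag_bits & ENCRYPTED_FLAG]
    executables = [i.filename for i in infos
                   if i.filename.lower().endswith(EXECUTABLE_EXTS)]
    return {
        "encrypted_entries": encrypted,
        "executable_entries": executables,
        # Assumed rule: encryption plus an executable is the lure pattern
        "suspicious": bool(encrypted) and bool(executables),
    }


def run_demo():
    """Triage a constructed benign archive and a constructed lure archive."""
    benign = build_zip([("notes.txt", b"quarterly figures")])
    lure = build_zip([("Setup.exe", b"MZ" + b"\x00" * 16),
                      ("Password.txt", b"1234")], encrypted=True)
    return triage_archive(benign), triage_archive(lure)


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

In production the same check runs over the real attachment or download, and a hit would quarantine the file or route it to a sandbox that can be given the password from the accompanying e-mail or web page.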
This information-stealer, known as Vidar Stealer, can steal passwords from web browsers. The attack doesn’t stop there though, as additional payloads can be delivered. These payloads may include cryptocurrency miners that steal computing power to generate cryptocurrency for the attackers. They can also include “clipper” malware that redirects cryptocurrency transactions to the attacker’s wallets.
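Clipper malware works by watching the clipboard and replacing a copied wallet address with one of the same kind, so that the victim pastes the attacker's address without noticing. A host-side monitor can catch that from the defender's side by remembering what the user actually copied and alerting when a later clipboard read shows a different address of the same type. The block below is an added example for this page, not code from the article or from any security product; it keeps the clipboard abstract as a list of events (a real monitor would feed it from a clipboard hook or a polling loop), and the address regexes, the two-state event model and the sample addresses are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Regexes for two common address formats (assumption: only BTC and ETH covered)
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text):
    """Return 'btc', 'eth' or None for a piece of clipboard text."""
    s = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return name
    return None


@dataclass
class ClipboardEvent:
    # "user_copy": the user deliberately copied text (e.g. a hooked Ctrl+C)
    # "poll": a later read of the clipboard by the monitor
    source: str
    content: str


def detect_clipper(events):
    """Return (expected, observed) pairs where the clipboard changed from one
    crypto address to a different address of the same type without the user
    copying anything in between, which is the clipper signature."""
    alerts = []
    last_user_copy = None
    for ev in events:
        if ev.source == "user_copy":
            last_user_copy = ev.content.strip()
            continue
        observed = ev.content.strip()
        if last_user_copy is None or observed == last_user_copy:
            continue
        expected_type = address_type(last_user_copy)
        # A swap to a different address type is not flagged here; a stricter
        # policy could alert on any unexplained change to address-like text
        if expected_type is not None and address_type(observed) == expected_type:
            alerts.append((last_user_copy, observed))
    return alerts


# Constructed sample addresses (syntactically valid, not real wallets)
USER_BTC = "1UserWa" + "A" * 27
ROGUE_BTC = "1AttackerWa" + "B" * 23
USER_ETH = "0x" + "ab" * 20
ROGUE_ETH = "0x" + "cd" * 20


def sample_events():
    """Constructed clipboard timeline with two silent replacements."""
    return [
        ClipboardEvent("user_copy", USER_BTC),
        ClipboardEvent("poll", USER_BTC),        # unchanged: fine
        ClipboardEvent("poll", ROGUE_BTC),       # replaced BTC address: alert
        ClipboardEvent("user_copy", "meeting at 10"),
        ClipboardEvent("poll", "meeting at 10"), # ordinary text: ignored
        ClipboardEvent("user_copy", USER_ETH),
        ClipboardEvent("poll", ROGUE_ETH),       # replaced ETH address: alert
    ]


def run_demo():
    return detect_clipper(sample_events())


if __name__ == "__main__":
    for expected, observed in run_demo():
        print(f"clipboard address replaced: {expected} -> {observed}")
```

The same idea is what wallet software does when it warns that a pasted address differs from the one shown on screen; the monitor version has the advantage of catching the swap before the user ever pastes.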
This campaign is just one of several that use social engineering tactics to trick users into installing malware. Another campaign uses emails with a fake “Word Online” error message. Clicking a link to “fix” the error can lead to the installation of malware such as Matanbuchus or DarkGate.
These campaigns highlight the importance of caution when downloading software. Only download software from trusted sources and avoid clicking on links or opening attachments in suspicious emails. Security software can help detect some threats, but it’s crucial to be vigilant as well.