
Vidar Distributed Through Backdoored Windows 11 Downloads and Abusing Telegram

Zscaler delivers the world’s largest security platform built for the cloud, with the aim of delivering a zero-trust approach to safeguarding your enterprise and protecting users from phishing, ransomware and other attacks.

One of the most popular ways for malicious actors to compromise innocent users is phishing. Phishing is an email attack disguised as a legitimate message from a trusted source; rather than delivering malware, the attacker tries to trick the user into handing over their credentials, which gives the attacker access to the user's system and any data stored on it.

The average American employee receives around 121 emails every day, which equates to over 50,000 messages per year. This means that users have to be careful not only about what they click but also about which emails they open. Every single email sent by an organization is associated with a unique ID, which can be used to send messages to the user or their colleagues.

Researchers at Zscaler recently documented an attack distributed via Skype, a popular messaging program among enterprise workers, in which the malware went undetected by traditional signature-based antivirus solutions. The attack began with chat messages impersonating a Skype user. Each message contained a link to a website posing as Microsoft's official Skype download page.

If the user clicks anywhere on the screen while the malicious website is open, they are redirected to Vidar, a malware downloader that is currently being distributed through backdoored Windows 11 downloads and by abusing Telegram. Once running, Vidar attempts to download further malware from a remote server and to install additional ransomware modules.

How did attackers distribute the exploit via Skype?

The attacker impersonated a victim using the Skype web client. Even though the web client has no real-time features such as audio or video calls, it allows links to be shared via chat and also supports group chats.

In the message, the attacker sent a URL pointing to a site hosting malicious code. This code detected whether the user moved their mouse in any way while the browser window was open, which indicated that they had opened the browser and read the message. If so, it waited for a period of up to 10 seconds, then entered an infinite loop and displayed a fake error page telling the user that Skype was updating.

Source: Vidar distributed through backdoored Windows 11 downloads and abusing Telegram - AlienVault - Open Threat Exchange
