Ecommerce firms are being targeted by this dangerous malware - here’s how to stay safe

Hackers are distributing Vidar malware again


If you’re running an ecommerce business, be mindful of emails from alleged customers claiming they were erroneously charged, as these could well be phishing attempts looking to distribute malware.

BleepingComputer obtained a copy of an email which, besides all of the above, shares a “bank statement” that serves as “proof” of the erroneous transaction.

However, the bank statement ultimately leads to the deployment of the Vidar infostealer. There are also other methods that lead to the same endgame, including a fake Google Drive link with files such as “bank_statement.scr”.


Fake transactions


Vidar is an infamous trojan that’s capable of stealing all kinds of sensitive information from the target endpoint: browser cookies, browser history, saved passwords, cryptocurrency wallets, text files, Authy two-factor authentication information, and more. Vidar is also capable of grabbing screenshots.

Once the trojan collects sensitive data, it will create a folder containing all the information and upload it to a remote server, for the attacker’s convenience. After that, the contents of the folder will be deleted, leaving only an empty folder as proof of the exfiltration.


Usually, the threat actors would do one of two things with the stolen data: use it for stage two attacks (deploying ransomware, engaging in extortion, identity theft, wire fraud, or similar), or sell it on the black market for someone else to exploit.

If you received an email such as this one which proved to be a fake, make sure to scan your computer with antivirus programs and endpoint security solutions to remove any possible malware or trojans. If the programs find evidence of compromise, it’s pivotal you change your passwords, especially those associated with money.
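One way to screen inbound support mail for the lure described above, as an added example that is not from the article or the BleepingComputer report: it flags attachments and linked files whose names end in a Windows program extension such as .scr. The extension list beyond .scr, the function names, and the sample addresses and URL are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import unquote, urlsplit

# Extensions Windows runs as programs; .scr is the one the article names.
# The rest of the list is an assumption, tune it to your mail policy.
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def executable_ext(name):
    """Return the program extension a file name ends in, or None."""
    # Windows drops trailing dots and spaces, so "x.scr. " still runs as x.scr
    cleaned = name.strip().rstrip(". ").lower()
    return next((e for e in EXECUTABLE_EXTS if cleaned.endswith(e)), None)

def triage(raw):
    """Return (kind, value, ext) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:  # attachment: judge it by its final extension
            ext = executable_ext(filename)
            if ext:
                findings.append(("attachment", filename, ext))
        elif part.get_content_maintype() == "text":  # body: check linked file names
            for url in URL_RE.findall(part.get_content()):
                leaf = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
                ext = executable_ext(leaf)
                if ext:
                    findings.append(("link", url, ext))
    return findings

def build_sample(attachment_name, body):
    """Constructed test message; the addresses and any URL are made up."""
    m = EmailMessage()
    m["From"] = "customer@example.invalid"
    m["To"] = "support@shop.example.invalid"
    m["Subject"] = "Charged twice for my order"
    m.set_content(body)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("bank_statement.scr",
                        "Proof:\nhttps://drive.example.invalid/file/bank_statement.scr\n")
    for finding in triage(lure):
        print(finding)
```

A message that produces any finding is a candidate for quarantine before a support agent opens it.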


Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
