vidar (4)

12621693076?profile=RESIZE_400xA "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.  Multiple malware variants suggest a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralized command setup, possibly increasing the efficiency of

11001479897?profile=RESIZE_400xRecently, cyber threat actors have been observed using AI-generated YouTube Videos to spread various stealer malware such as Raccoon, RedLine, and Vidar.   The videos lure users by pretending to be tutorials on downloading cracked software versions such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other licensed products available only to paid users.  Nothing is free on the Internet; you may be paying with a malware infection.

See:  https://redskyalliance.org/xindustry/raccoon-pass

10923797266?profile=RESIZE_400xRisePro is an information-stealing malware that was first discovered in mid-December 2022.  The earliest log recording from this malware, as of the time of this writing, was December 12th, 2022.  The logs found were posted to Russian Market, which is a log shop that is like other markets, such as Genesis.  There appeared to be multiple thousands of logs posted [2].  RisePro appears to be written in C++ and acts similarly to the “Vidar” malware.  According to a Joe Sandbox analysis, RisePro exhib

10879261686?profile=RESIZE_400xActivity Summary - Week Ending on 10 November 2022:

  • Red Sky Alliance identified 23,574 connections from new IP’s checking in with our Sinkholes
  • Timeweb[.]ru hit 251x – for the 2nd Week
  • Analysts identified 1,762 new IP addresses participating in various Botnets
  • Patching is Very Important
  • Microsoft Patch Tuesday
  • YouTube - You’re Not Helping
  • Vidar stealer
  • Stolen Data in Australia
  • Lloyd’s of London
  • School System Stands its Ground
  • Oil & Gas - ABBs

Link to full report: IR-22-313-001_weekly313.pdf