Malware, Threat Management

New Vidar malware campaign sets sights on online sellers

BleepingComputer reports that new attacks deploying the Vidar information-stealing malware have been launched against online sellers during the past week. Online store admins were targeted with emails from threat actors masquerading as customers, which claimed that $550 had been deducted from their bank accounts despite a failed order and included a bit.ly link that redirects to a fake Google Drive site. Further investigation by BleepingComputer revealed that the sites used by the attackers either display a sample bank statement or prompt a download of the "bank_statement.scr" executable, which Recorded Future's Triage has detected as Vidar. Information exfiltrated by the Vidar info stealer, including browser cookies and history, passwords, text files, cryptocurrency wallets, Authy 2FA databases, and captures of the active Windows screen, could then be used to facilitate further breaches or be sold to other threat actors. Online sellers who may have been impacted have been urged to run malware scans and replace all account passwords to prevent further attacks.
