Counterfeit Windows 11 installers are being used by malicious actors to distribute the Vidar information-stealer malware
Zscaler researchers discovered last month that newly registered domains were impersonating the real download portal for Microsoft's Windows 11 operating system. The file offered on the fake website was found to be an ISO image carrying the Vidar payload. The attackers also opened Telegram channels carrying the same command-and-control server addresses that appear in their social media profiles. According to the report, the attackers use a static configuration for C2 access and fall back on social media profiles as backup URLs. The report also revealed that several backdoored versions of Adobe Photoshop had been observed in a GitHub repository.
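The campaign described above relies on lookalike domains and brand-themed hostnames to lure users into downloading an ISO. The following is an added example, not code from the Zscaler report: a small Python script that scans constructed web-proxy log lines (the log format, client addresses and hostnames are all assumptions made for the example) and flags hostnames that sit within a short edit distance of a legitimate vendor domain, or that embed the "windows11" brand keyword in an unrelated domain, noting whether the request fetched an ISO file.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines for the example (not from the report).
# Format per line: <timestamp> <client-ip> <url>
SAMPLE_LOG = """\
2022-04-20T10:01:02Z 10.0.0.5 https://www.microsoft.com/en-us/software-download/windows11
2022-04-20T10:02:15Z 10.0.0.7 https://www.micros0ft.com/software-download/windows11.iso
2022-04-20T10:03:40Z 10.0.0.9 https://windows11-upgrade.example/download.iso
2022-04-20T10:04:01Z 10.0.0.5 https://github.com/example/repo
"""

# Registrable domains we consider legitimate sources for the vendor's installers.
LEGIT_DOMAINS = {"microsoft.com"}

# Brand keywords that have no business appearing in unrelated domain names.
BRAND_KEYWORD = re.compile(r"windows-?11|win-?11")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Naive 'last two labels' registrable domain; good enough for .com-style TLDs."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_hostname(host: str):
    """Return a reason string if the host looks like an impersonation, else None."""
    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS:
        return None
    for legit in LEGIT_DOMAINS:
        # One or two character substitutions (e.g. a digit for a letter) is the
        # classic typosquat; anything further away is judged on keywords below.
        if levenshtein(reg, legit) <= 2:
            return f"lookalike of {legit}"
    if BRAND_KEYWORD.search(host.lower()):
        return "brand keyword in unrelated domain"
    return None


def flag_suspicious(log_text: str):
    """Scan log lines; return (client, host, reason, fetched_iso) for each hit."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, url = line.split()
        host = urlsplit(url).hostname or ""
        reason = score_hostname(host)
        if reason:
            hits.append((client, host, reason, url.lower().endswith(".iso")))
    return hits


if __name__ == "__main__":
    for client, host, reason, iso in flag_suspicious(SAMPLE_LOG):
        print(f"{client} -> {host}: {reason}{' (ISO download)' if iso else ''}")
```

The edit-distance threshold and the brand-keyword pattern are the tuning knobs; on real proxy data you would seed `LEGIT_DOMAINS` from the vendor's actual download hosts and treat an ISO download from any flagged host as a priority alert rather than an informational one.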
"The threat actors distributing Vidar malware have demonstrated their ability to social engineer victims into installing Vidar stealer using themes related to the latest popular software applications. As always, users should be cautious when downloading software applications from the Internet," the researchers said.