Vidar distributed through backdoored Windows 11 downloads and abusing Telegram | allinfosecnews.com

May 19, 2022, 3 p.m. | Sudeep Singh

Security Boulevard securityboulevard.com

Summary

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. We discovered these domains by monitoring suspicious traffic in our Zscaler cloud. The spoofed sites were created to distribute malicious ISO files which lead to a Vidar infostealer infection on the endpoint. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network.

ThreatLabz …

abusing distributed downloads telegram vidar windows windows 11

More from securityboulevard.com / Security Boulevard

Baby ASO: A Minimal Viable Transformation for Your SOC 12 hours ago | securityboulevard.com

aso axiom baby change +16

LabHost Phishing Platform is Latest Target of International Law Agencies 15 hours ago | securityboulevard.com

as-a-service countries cybercriminal cybersecurity +34

Choosing SOC Tools? Read This First [2024 Guide] 16 hours ago | securityboulevard.com

analytics & intelligence array centers clock +36

USENIX Security ’23 – GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation 16 hours ago | securityboulevard.com

access aggregation authors channel +19

SafeBreach Coverage for AA24-109A (Akira Ransomware) 16 hours ago | securityboulevard.com

advisory akira akira ransomware cisa +12

Daniel Stori’s ‘WC’ 18 hours ago | securityboulevard.com

daniel daniel stori humor sarcasm +4

USENIX Security ’23 – Inductive Graph Unlearning 20 hours ago | securityboulevard.com

access authors channel conference +13

From DAST to dawn: why fuzzing is better solution | Code Intelligence 20 hours ago | securityboulevard.com

api security application applications application security +27

Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24 22 hours ago | securityboulevard.com

businesses can cisa ciso +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Security Officer Level 1 (L1)

@ NTT DATA | Virginia, United States of America

View on infosec-jobs.com

Alternance - Analyste VOC - Cybersécurité - Île-De-France

@ Sopra Steria | Courbevoie, France

View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote US or Remote CAN

View on infosec-jobs.com

Cyber Security Engineer Lead

@ ASSYSTEM | Bridgwater, United Kingdom

View on infosec-jobs.com