Raccoon and Vidar spread via cracked software links

Share post:

Since early 2020, more than 250 domains have been used in a widespread impersonation campaign aimed at disseminating the information-stealing malware Vidar and Raccoon.

Both pieces of malware are capable of stealing a wide range of personal information from compromised machines, as well as credentials from web browsers and data from various cryptocurrency wallets.

The infection chain “uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub,” cybersecurity firm SEKOIA said in an analysis.

The attackers take advantage of users looking for cracked versions of software and games on search engines by displaying malicious websites on the first page. To trick victims into downloading and executing the malicious payloads, it employs a technique known as search engine optimization (SEO) poisoning.

The tainted result includes a download link to the promised software, which, when clicked, initiates a five-stage URL redirection pattern that takes the user to a web page showing a shortened link pointing to a password-protected RAR archive file hosted on GitHub, along with its password. If the victim uncompresses the RAR archive and runs the purported setup executable, either of the two malware families, Raccoon or Vidar, is installed on the system.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways