Beware of Fake Windows 11 Downloads Distributing Vidar Malware

Phishing domains are spreading Windows 11 installers loaded with the Vidar infostealer.

According to the cybersecurity firm Zscaler ThreatLabz, threat actors are trying to install info-stealing malware on users’ devices through newly registered domains. Zscaler explained that these spoofed domains were first observed in April 2022 and were created to distribute “malicious ISO files” (a PE32 binary) disguised as legitimate MS Windows 11 OS installers.

These malicious files deliver the Vidar infostealer to the device. Some of the fake domains registered on 20 April include ms-win11[.]com, win11-serv[.]com, win11install[.]com, and ms-teams-app[.]net.
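A download-triage check for the disguise described above, as an added example that is not from Zscaler or the original article: it compares a file's claimed `.iso` name with what its header bytes say. It assumes the "(a PE32 binary)" remark means the downloaded file itself carries a Windows executable header; the file names and sample bytes are constructed.

```python
import struct
from typing import Optional

ISO9660_MAGIC_OFFSET = 0x8001  # "CD001" sits one byte into sector 16 (16 * 2048)

def classify_image(data: bytes) -> str:
    """Classify content as 'pe32', 'pe32+', 'pe-unknown', 'iso9660' or 'unknown'."""
    # An executable header at offset 0 is the finding that matters, so test it first.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 26:
            # Optional-header magic follows the 4-byte signature and 20-byte COFF header.
            (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
            return {0x10B: "pe32", 0x20B: "pe32+"}.get(magic, "pe-unknown")
    if data[ISO9660_MAGIC_OFFSET:ISO9660_MAGIC_OFFSET + 5] == b"CD001":
        return "iso9660"
    return "unknown"

def triage_download(name: str, data: bytes) -> Optional[str]:
    """Return a finding when a file named .iso is not an ISO 9660 image, else None."""
    kind = classify_image(data)
    if name.lower().endswith(".iso") and kind != "iso9660":
        return f"{name}: named .iso but content is {kind}"
    return None

def make_pe32_stub() -> bytes:
    """Constructed sample: the minimum header bytes of a 32-bit PE file."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386 machine
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", 0x10B)

def make_iso_stub() -> bytes:
    """Constructed sample: empty system area plus a primary volume descriptor header."""
    return bytes(0x8000) + b"\x01CD001\x01\x00" + bytes(2040)

if __name__ == "__main__":
    for name, blob in [("Win11-setup.iso", make_pe32_stub()),
                       ("Win11-real.iso", make_iso_stub())]:
        print(triage_download(name, blob) or f"{name}: content matches ISO 9660")
```

A genuine ISO can still contain a malicious executable, so a clean result here only rules out the extension mismatch, not the payload inside the image.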

It is worth noting that Vidar malware was previously used in attacks against YouTubers and in a VPN scam in which a fake VPN website was discovered delivering password-stealing malware.

What is Vidar malware?

Vidar is a notorious info-stealing malware that can spy on users. Its primary job is to steal sensitive user data such as operating system information, online account credentials, browser history, financial or banking data, and cryptocurrency wallet login details. It is generally distributed via the Fallout exploit kit.

How is Vidar Infostealer Distributed?

Vidar malware is delivered through phishing and attacker-controlled social media networks. Zscaler researchers noted that the Vidar malware variants extract the C2
