Phishing domains are spreading Windows 11 installers loaded with Vidar infostealer.
According to the cybersecurity firm Zscaler ThreatLabz, threat actors are trying to install info stealing malware on users’ devices through newly registered domains. Zscaler explained that these spoofed domains were first observed in April 2022 and created to distribute “malicious ISO files” (a PE32 binary) disguised as legit MS Windows 11 OS installers.
These malicious files deliver Vidar infostealer on the device. Some of the fake domains registered on 20 April include ms-win11com, win11-servcom, win11installcom, and ms-teams-appnet.
What is Vidar malware?
It is notorious info stealing malware that can perform spying on users. Its primary job is to steal sensitive user data such as operating system information, online accounts credentials, browser history, financial or banking data, and cryptocurrency wallet login details. It is generally distributed via the Fallout exploit kit.
How is Vidar Infostealer Distributed?
Vidar malware is delivered through phishing and attacker-controlled social media networks. ZScaler researchers noted that the Vidar malware variants extract the C2