Saturday, February 8, 2025
HomeRansomwareNew Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab ...

New Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab Ransomware

Published on

SIEM as a Service

Follow Us on Google News

A new malvertising chain that uses multiple payloads to steal confidential information from the victim’s machine and to encrypt their files with GandCrab Ransomware.

Threat actors using the the Fallout exploit kit, a utility program that designedto exploit vulnerabilities in ports, softwares and to deploy backdoors in vulnerable systems.

Malwarebytes security researchers observed a threat actor using the Fallout exploit kit to distribute Vidar information stealer and the secondary payload as GandCrab ransomware.

Credits : Malware Bytes

The malware identified as Vidar has stealer capabilities and it can be customized based on the threat actors requirements.

Researchers noted that Vidar is available for Sale, a single license cost $700, along with usual credit card numbers and passwords stealing capabilities it includes capabilities to steal passwords form digital wallets.

Credits : Malware Bytes

Once the vidar executed in the client machine it will search for the data specified in the profile connfiguration and if it founds the relevant data then it immediately send the databack to C2 server via an unencrypted HTTP POST request.

It steals the following system details that includes specs, running processes, installed applications, victim IP address, country, city, and ISP. Then it stores the data in the information.txt file and sends back to the attacker.

After extracting the information from client machine, Vidar loads the secondry payload via its command and control server.

“Within about a minute after the initial Vidar infection, the victim’s files will be encrypted and their wallpaper hijacked to display the note for GandCrab version 5.04.”

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...

New ‘SHIELD’ Platform Leverages FPGA and Off-Host Monitoring to Tackle Advanced Ransomware Threats

In a significant advancement against increasingly sophisticated ransomware threats, researchers from NYU Tandon School...