Sunday, June 15, 2025
HomeRansomwareNew Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab ...

New Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab Ransomware

Published on

SIEM as a Service

Follow Us on Google News

A new malvertising chain that uses multiple payloads to steal confidential information from the victim’s machine and to encrypt their files with GandCrab Ransomware.

Threat actors using the the Fallout exploit kit, a utility program that designedto exploit vulnerabilities in ports, softwares and to deploy backdoors in vulnerable systems.

Malwarebytes security researchers observed a threat actor using the Fallout exploit kit to distribute Vidar information stealer and the secondary payload as GandCrab ransomware.

- Advertisement - Google News
Credits : Malware Bytes

The malware identified as Vidar has stealer capabilities and it can be customized based on the threat actors requirements.

Researchers noted that Vidar is available for Sale, a single license cost $700, along with usual credit card numbers and passwords stealing capabilities it includes capabilities to steal passwords form digital wallets.

Credits : Malware Bytes

Once the vidar executed in the client machine it will search for the data specified in the profile connfiguration and if it founds the relevant data then it immediately send the databack to C2 server via an unencrypted HTTP POST request.

It steals the following system details that includes specs, running processes, installed applications, victim IP address, country, city, and ISP. Then it stores the data in the information.txt file and sends back to the attacker.

After extracting the information from client machine, Vidar loads the secondry payload via its command and control server.

“Within about a minute after the initial Vidar infection, the victim’s files will be encrypted and their wallpaper hijacked to display the note for GandCrab version 5.04.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM

Cybersecurity professionals and business leaders are on high alert following a confirmed breach of...

Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks

Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime:...

Sensata Technologies Faces Disruption Due to Ransomware Attack

Sensata Technologies, Inc., a major technology company based in Attleboro, Massachusetts, has disclosed a...