
Fake domains offer Windows 11 installers - but deliver malware instead

May, 20, 2022 Hi-network.com

Security researchers have found a new collection of phishing domains offering up fake Windows 11 installers that actually deliver information-stealing malware. 


Cybersecurity firm Zscaler said that newly registered domains appeared in April 2022 and have been designed to mimic the legitimate Microsoft Windows 11 OS download portal. 

'Warez' sites containing pirated material, including software and games, are notorious as hotbeds of malware packages, including Trojans, information stealers, adware, and nuisanceware.


Cracked forms of software are on offer for free and users who download the software are usually trying to avoid paying for software licenses or gaming content. A brief scan of active warez sites reveals listings for Windows, macOS, and Linux applications, including Adobe Photoshop, various creative applications, enterprise versions of Windows software, and a host of films and games. 

However, if you risk the download, you might be opening your machine up to infection, and the same applies if you download software you trust from a suspicious web address.

Image: Zscaler

In the case documented by Zscaler, Vidar is spread by the threat actors through phishing and social media networks, including Mastodon, which are widely abused to facilitate attacks. 

Mastodon is decentralized, open-source software used to run self-hosted social networks. In two instances, the cyber criminals created new user accounts and stored command-and-control (C2) server addresses in their 'profile' sections. 

In a new development, the Vidar group is also opening Telegram channels with the same C2 stored in the channel description. By doing so, malware implanted on vulnerable systems can fetch C2 configuration from these channels. 

Vidar is a nasty form of malware able to spy on users and steal their data, including OS information, browser history, online account credentials, financial data, and various cryptocurrency wallet credentials. Vidar is also spread through the Fallout exploit kit. 


While the fake website pretends to be the official download portal, the malicious file on offer is an .ISO image containing the Vidar payload, packed with Themida. A static configuration is used to reach the C2, but the social media profiles can also serve as backup C2 URLs.

In addition to the .ISO files being distributed as fake Windows 11 installers, Zscaler also uncovered a GitHub repository storing backdoored versions of Adobe Photoshop, another popular option for warez sites. 

The best option to mitigate the risk of Vidar is to only download software from trusted, official domains, and to not give in to the lure of free, cracked software.

"The threat actors distributing Vidar malware have demonstrated their ability to social engineer victims into installing Vidar stealer using themes related to the latest popular software applications," the researchers say. "As always, users should be cautious when downloading software applications from the Internet."

