Vidar Stealer Returns and Has a New Target: Mastodon
Researchers Have Discovered a New Malicious Campaign where Vidar Stealer Is Back in the Game.
Last updated on October 8, 2021
Vidar stealer is back and has a new target: this time, the Mastodon social media network is being abused in a fresh malicious campaign. The goal is to obtain its C2 configuration without being noticed.
Vidar Stealer: How It Works
Vidar stealer's activity can be traced back to 2018, and it has played a role in several campaigns since then. It has stood the test of time thanks to its efficiency and its low price, as it can be easily sourced for $150 via Telegram or malicious forums.
The way Vidar stealer abuses Mastodon is what really attracts attention, as it relies on the social media network for C2 connectivity and for obtaining its configuration dynamically.
Mastodon is a social network that resembles Twitter. It is on the rise and tries to do better than Twitter when it comes to whale-sized issues. At first glance, the difference between the two is that Mastodon has better tools for privacy and for reducing harassment, and its posts are called toots instead of tweets.
What Data Vidar Stealer Wants
According to the researchers who discovered the campaign, the data Vidar stealer is looking for includes:
Telegram account credentials (for the Windows versions);
Data from file transfer apps such as FileZilla, WinSCP, or FTP;
Info related to emails;
And of course, browser info: cookies, passwords, browser history, or payment info.
What to Do for Now?
Users should be wary of phishing emails related to payments or package deliveries. The Vidar stealer can also spread through messages on social media platforms or through games distributed via torrents.
Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!