Fake domains offer Windows 11 installers – but deliver malware instead

Security researchers have found a new collection of phishing domains offering up fake Windows 11 installers that actually deliver information-stealing malware.

Cybersecurity firm Zscaler said that the newly registered domains appeared in April 2022 and were designed to mimic the legitimate Microsoft Windows 11 OS download portal.

‘Warez’ websites containing pirated material, including software and games, are notorious as hotbeds of malware packages, including Trojans, info stealers, adware, and nuisanceware.


Cracked versions of software are on offer for free, and users who download them are usually trying to avoid paying for software licenses or gaming content. A quick scan of active warez sites reveals listings for Windows, macOS, and Linux applications, including Adobe Photoshop, various creative applications, enterprise versions of Windows software, and a host of movies and games.

However, if you risk the download, you may be opening your machine up to infection – and the same applies if you download software you trust from a suspicious web address.

Image: Zscaler

In the case documented by Zscaler, Vidar is spread by the threat actors through phishing and social media networks, including Mastodon, which are widely abused to facilitate attacks.

Mastodon is decentralized, open-source software used to run self-hosted social networks. In two instances, the cyber criminals created new user accounts and stored command-and-control (C2) server addresses in their ‘profile’ sections.

In a new development, the Vidar group is also opening Telegram channels with the same C2 stored in the channel description. By doing so, malware implanted on vulnerable systems can fetch its C2 configuration from these channels.

Vidar is a nasty form of malware able to spy on users and steal their data, including OS information, browser history, online account credentials, financial data, and various cryptocurrency wallet credentials. Vidar is also spread through the Fallout exploit kit.


While the fake website pretends to be the official download portal, the malicious file on offer is an .ISO hiding the Vidar payload, packed with Themida. A static configuration is used to reach the C2, but social media profiles can also be used as backup URLs.
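As an added, defender-side example (not part of the original article or of Zscaler's research), the dead-drop pattern described above, in which non-browser code fetches a Mastodon profile or Telegram channel page to recover its C2 address, can be hunted for in endpoint or proxy telemetry. The watchlist hosts, the log line format and the sample lines are constructed for this demonstration.

```python
import re

# Constructed watchlist: social platforms that ordinary non-browser processes
# on a workstation have no business fetching. Extend with the Mastodon
# instances relevant to your environment; none of these are indicators
# taken from the Zscaler report.
WATCHLIST_HOSTS = {"t.me", "mastodon.social", "mastodon.example"}

# Processes that legitimately fetch social-media pages on a user's behalf.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Profile / channel page shapes: /@user, /users/user (Mastodon), /s/channel
# or /channel (Telegram web preview). Constructed approximation, not exhaustive.
PROFILE_PATH = re.compile(r"^/(?:@|s/|users/)?[A-Za-z0-9_]+/?$")

# Constructed telemetry format: <timestamp> <endpoint> <process> <host><path>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<endpoint>\S+) (?P<process>\S+) (?P<dst>[^/\s]+)(?P<path>/\S*)$"
)


def is_dead_drop_fetch(process: str, host: str, path: str) -> bool:
    """True when a non-browser process pulls a profile/channel page from a watchlisted host."""
    if process.lower() in BROWSERS:
        return False
    if host.lower() not in WATCHLIST_HOSTS:
        return False
    return PROFILE_PATH.match(path) is not None


def flag_dead_drop_fetches(lines):
    """Return (endpoint, process, url) tuples for log lines matching the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_dead_drop_fetch(m["process"], m["dst"], m["path"]):
            hits.append((m["endpoint"], m["process"], m["dst"] + m["path"]))
    return hits


# Constructed sample telemetry; only the setup.exe lines should be flagged.
SAMPLE_LOG = """\
2022-04-20T10:01:02Z WS01 chrome.exe mastodon.social/@someuser
2022-04-20T10:01:09Z WS01 setup.exe mastodon.example/@dropaccount
2022-04-20T10:01:11Z WS01 setup.exe t.me/s/droppedchannel
2022-04-20T10:02:30Z WS02 msedge.exe t.me/s/newschannel
2022-04-20T10:03:00Z WS02 svchost.exe update.microsoft.com/download
""".splitlines()

if __name__ == "__main__":
    for hit in flag_dead_drop_fetches(SAMPLE_LOG):
        print("possible dead-drop resolver:", hit)
```

A hit is a lead, not a verdict: confirm by inspecting the fetched profile or channel text for URL-like tokens and the process for a suspicious origin such as a freshly mounted .ISO.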

In addition to the .ISO files being distributed as fake Windows 11 installers, Zscaler also uncovered a GitHub repository storing backdoored versions of Adobe Photoshop, another popular option on warez sites.

The best way to mitigate the risk of Vidar is to only download software from trusted, official domains – and not to give in to the lure of free, cracked software.

“The threat actors distributing Vidar malware have demonstrated their ability to social engineer victims into installing Vidar stealer using themes related to the latest popular software applications,” the researchers say. “As always, users should be cautious when downloading software applications from the Internet.”
