The virus information stealer Vidar has been spreading through internet domains claiming to be associated with the remote desktop software company AnyDesk.
This was reported by leading cybersecurity vendor, Check Point Software Technologies in its latest Global Threat Index for January 2023.
According to CPST, the malware uses URL jacking for various popular applications to redirect people to a single IP address claiming to be the official AnyDesk website.
Once downloaded, the malware masquerades as a legitimate installer to steal sensitive information such as login credentials, passwords, cryptocurrency wallet data and banking details.
Researchers also identified a major campaign dubbed Earth Bogle delivering the NJRat malware to targets across the Middle East and North Africa.
The trojan has multiple capabilities including capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop.
NJRat infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software.
Maya Horowitz, VP Research at Check Point Software said: “Once again, we’re seeing malware groups use trusted brands to spread viruses, with the aim of stealing personal identifiable information. I cannot stress enough how important it is that people pay attention to the links they are clicking on to ensure they are legitimate URLs. Look out for the security padlock, which indicates an up-to-date SSL certificate, and watch for any hidden typos that might suggest the website is malicious.”
