New Double-edged P2P Malvertising Attack Discovered
Anti-malware specialist Malwarebytes has found that P2P users are being targeted by malware and ransomware in a two-pronged attack.
A new malvertising campaign has been targeting users of P2P websites, according to cybersecurity researchers.
Anti-malware specialist Malwarebytes has found that criminals are directing torrent site visitors to two different exploit kits, GrandSoft EK and Fallout EK, by registering rogue advertising domains.
Depending on the victim's geolocation, attackers redirect them to Fallout EK, which drops Vidar, an information stealer sold on the dark web for £550.
The malware steals the victim's personal and financial details, along with system details such as IP address, ISP, hardware specification and running processes.
Malwarebytes security researcher Jérôme Segura said: “Vidar customers can customise the stealer via profiles, which gives them a way to adjust which kind of data they are interested in.
“Beyond the usual credit card numbers and other passwords stored in applications, Vidar can also scrape an impressive selection of digital wallets.”
Vidar also works as a loader for second-stage malware – GandCrab 5.04 ransomware, Segura noted.
He explained: “Threat actors can use ransomware for a variety of reasons within their playbook. It could be, for instance, a simple decoy where the real goal is to irreversibly corrupt systems without any way to recover lost data. But as we see here, it can be coupled with other threats and used as a last payload when other resources have already been exhausted.
“As a result, victims get a double whammy. Not only are they robbed of their financial and personal information, but they are also being extorted to recover the now encrypted data.”