Zoom-themed cyber attacks fuel rapid malware growth
The Vidar malware has become more popular since August, allowing threat actors to steal sensitive information, IP addresses, and crypto wallets from infected devices
Cyber attacks that lure victims with themes around popular video conferencing service Zoom have helped increase malware growth, with one named Vidar becoming more popular in rapid time.
Vidar occupies position number eight, up seven places from August, in Check Point Research’s (CPR) Global Threat Index for September 2022. The CPR report found that although Formbook, an infostealer targeting Windows OS that currently affects 3% of organisations around the world, is still the most prevalent malware, the steep rise of Vidar is notable.
Vidar is an infostealer designed to give threat actors backdoor access, allowing them to steal sensitive banking information, login credentials, IP addresses, browser history, and crypto wallets from infected devices.
The increase in its prevalence comes after a malicious campaign in which fake Zoom websites, like zoomus[.]website and zoom-download[.]space, were used to lure users into downloading the malware.
“In terms of the most prevalent malwares in September, it’s interesting to see Vidar leap into the top ten after a long absence,” said Maya Horowitz, VP of research at Check Point. “Users of Zoom need to stay alert to fraudulent links as this is how the Vidar malware has been distributed lately. Always keep an eye out for inconsistencies or misspelt words in URLs. If it looks suspicious, it probably is.”
Formbook was the most prevalent malware this month impacting 3% of organisations worldwide, followed by XMRig and AgentTesla which both impact 2% of organisations globally.
CIO Priorities: 2020 vs 2023
Zero Trust, SaaS Security, and its impact on SD-WAN being a priorityWatch now
Formbook was first detected in 2016 and is marketed as a malware as a service (MaaS) operation in underground hacking forums. It's known for having substantial anti-detection capabilities and a relatively low price.
The malware harvests credentials from various web browsers, collects screenshots, monitors, and logs keystrokes. It can also download and execute files according to orders from its command and control infrastructure (C2).
XMRig, on the other hand, is open source CPU software used to mine Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victim’s devices, according to Check Point.
Additionally, AgentTesla is an advanced RAT functioning as a keylogger and information stealer. It’s capable of monitoring and collecting a victim’s keyboard input, system keyboard, taking screenshots, and exfiltrating credentials to a variety of software installed on a victim’s machine (including in Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client).
The type of vulnerability most exploited this month was a 'web server exposed git repository information disclosure, impacting 43% of organisations globally. Successful exploitation of this flaw can facilitate the unintentional disclosure of account information in the impacted product.
This was followed by Log4Shell which dropped from first place to second and impacted 42% of organisations. It was discovered late last year and sent shockwaves through the security community due to how many organisations were believed to be exposed.
Accelerating healthcare transformation through patient-centred medtech solutions
Seize the digital transformation opportunities to streamline patient care and optimise patient outcomesFree Download
Big payoffs from big bets in AI-powered automation
Automation disruptors realise 1.5 x higher revenue growthFree Download
Hyperscaler cloud service providers top ten
Why it's important for companies to consider hyperscaler cloud service providers, and why they matterFree Download
Strategic app modernisation drives digital transformation
Address business needs both now and in the futureFree Download