GandCrab Operators Use Vidar Infostealer as a Forerunner

Developer of GandCrab Also Attacks PCs with Vidar

Recently, a new malvertising campaign involving Vidar has been reported. It works as an elaborate scheme that uses the Fallout and GrandSoft exploit kits to target or compromise users' PCs. In Norse mythology, Vidar is a god and a son of Odin, whose death he is foretold to avenge. He is often referred to as 'The Silent One', which seems a fitting name for a stealer that can loot web browser histories and cryptocurrency wallets. When users notice the first payload, GandCrab, the second one, Vidar, will also be present. This crypto-malware is mainly known for locking users' files and demanding a ransom fee for the decryptor.

Vidar: Infostealer Malware That Is Often Sold as a Product

Vidar is malware, but it is sold as a product on the black market for about $700. According to researchers, it can be spread by several threat groups via different campaigns. Initially, most malware researchers thought the data-stealing malware was Arkei, but an in-depth inspection by security expert Fumik0 revealed that it is a new variation known as Vidar.

Vidar was first noticed in October 2018 and possesses the classic features of a data stealer. As 'The Silent One', it is capable of harvesting all kinds of user data, such as specific documents, cookie IDs, digital wallets, screenshots, in-depth technical information, loader settings, etc. Besides this, its UI makes it very easy to track victims' activities.

Vidar Spreads Through Payload of GandCrab Ransomware

If you are redirected to the Fallout or GrandSoft EKs, Vidar immediately starts gathering all your sensitive data and then sends it to the command-and-control server in a ZIP archive. Within just a few minutes of the initial infection, another payload, GandCrab, is downloaded and installed on the PC. GandCrab ransomware has numerous variants, such as GandCrab V3 Ransomware, and the latest variant is GandCrab 5.0.4. Like the previous variants, it asks for a ransom fee, but security experts strongly advise users not to pay it.
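The sequence described above (a ZIP archive sent out, then a second payload fetched within minutes) can be hunted for in web proxy logs. The following is an added example, not code from the original article or from any vendor: the log format, host names, URLs and the 10-minute window are assumptions, and the sample log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines (not real telemetry). Assumed format:
# timestamp client method url content-type bytes
SAMPLE_LOG = """\
2019-01-10T09:14:02 ws-017 GET http://ads.example/landing text/html 5120
2019-01-10T09:14:40 ws-017 POST http://c2.example/ application/zip 482133
2019-01-10T09:16:05 ws-017 GET http://c2.example/payload.exe application/x-msdownload 310272
2019-01-10T09:20:00 ws-022 POST http://backup.example/upload application/zip 900000
2019-01-10T11:45:00 ws-022 GET http://vendor.example/setup.exe application/x-msdownload 2048000
"""

WINDOW = timedelta(minutes=10)  # assumption standing in for "a few minutes"
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}

def parse(line):
    ts, host, method, url, ctype, size = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host, "method": method,
            "url": url, "ctype": ctype, "size": int(size)}

def is_zip_upload(e):
    # Assumption: the archive leaves the host as an HTTP POST body.
    return e["method"] == "POST" and e["ctype"] == "application/zip"

def is_exe_download(e):
    return e["method"] == "GET" and (
        e["ctype"] in EXE_TYPES or e["url"].lower().endswith(".exe"))

def find_chains(log_text, window=WINDOW):
    """Return (host, upload_url, download_url) for every host that uploaded
    a ZIP archive and then downloaded an executable within `window`."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    last_upload, hits = {}, []
    for e in events:
        if is_zip_upload(e):
            last_upload[e["host"]] = e          # remember most recent upload
        elif is_exe_download(e):
            up = last_upload.get(e["host"])
            if up and e["ts"] - up["ts"] <= window:
                hits.append((e["host"], up["url"], e["url"]))
    return hits

if __name__ == "__main__":
    for host, up_url, dl_url in find_chains(SAMPLE_LOG):
        print(f"{host}: ZIP upload to {up_url}, then executable from {dl_url}")
```

In the constructed sample only ws-017 is flagged; ws-022 also uploads a ZIP and later downloads an installer, but hours apart, so it falls outside the window.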

In terms of online safety, security experts advise users never to neglect security measures. To keep such malware off your system, use trusted and reputable security software. Additionally, patch your software and OS to render your computer immune to exploit kits such as Fallout or GrandSoft.
