Malvertising Campaign Delivers Double Whammy of Ransomware and Info-Stealing

January 9, 2019

The whole attack takes place in under a minute.

A multi-payload and ongoing malvertising campaign is distributing a newly discovered info-stealer as well as the GandCrab ransomware.

The info-stealer is named Vidar, after the Norse god Víðarr, who was the son of Odin in mythology. According to researcher Fumik0, who discovered it in December, Vidar steals documents, cookies and browser histories (including from Tor), currency from a wide array of cryptocurrency wallets, and data from 2FA software and text messages; it can also take screenshots. The package also offers malware operators Telegram notifications for important logs.

Read More on Threat Post