Malvertising Campaign Delivers Vidar Information Stealer and GandCrab Ransomware
Threat actors behind a malvertising (malicious advertising) campaign are infecting victims with the Vidar information stealer and the GandCrab ransomware. The threat actors use the Fallout exploit kit to exploit vulnerabilities in Microsoft Internet Explorer and Adobe Flash Player and deliver the Vidar malware. Vidar collects data on the victim, including passwords, screenshots, credit card details, browser histories, and message data. Vidar has been observed delivering the GandCrab ransomware variant to victims after the initial infection. The NJCCIC recommends reviewing the Malwarebytes report on this campaign for additional information and indicators of compromise (IOCs), and taking proactive measures to protect your system from these malware variants, including, but not limited to, running an up-to-date anti-virus/anti-malware program on all devices, enabling multi-factor authentication whenever available, and having a comprehensive data backup plan.