The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi.
"Vidar threat actors continue to rotate their backend IP infrastructure, favoring providers in Moldova and Russia," cybersecurity company Team Cymru said in a new analysis shared
A "large and resilient infrastructure" comprising over 250 domains has been used to distribute information-stealing malware such as Raccoon and Vidar since early 2020.
The infection chain "uses about a hundred of fake cracked software catalogue websites that redirect to several links before downloading the payload hosted on file share platforms, such as GitHub," cybersecurity firm SEKOIA said in
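The chain SEKOIA describes (a catalogue page, several redirect hops, then a payload fetched from a file-share platform) leaves a recognisable shape in web-proxy logs. The following is an added detection example written for this page; it is not SEKOIA's or Team Cymru's code. It reconstructs per-client redirect chains from a constructed, simplified log format (client, HTTP status, URL, referer) by following referer links, and flags chains with at least two 3xx hops that end in an archive or installer download from a host listed in `FILE_SHARE_HOSTS`. The host list, extensions, log format and sample lines are all assumptions for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample proxy log (not from the article): client, status, url, referer.
# "-" means no referer. One client walks the catalogue -> redirects -> download chain.
SAMPLE_LOG = """\
10.0.0.5 200 https://free-cracks-catalogue.example/download/photo-editor -
10.0.0.5 302 https://free-cracks-catalogue.example/go?id=417 https://free-cracks-catalogue.example/download/photo-editor
10.0.0.5 302 https://redir-one.example/r/abc https://free-cracks-catalogue.example/go?id=417
10.0.0.5 302 https://redir-two.example/x/7f3 https://redir-one.example/r/abc
10.0.0.5 200 https://github.com/someuser/somerepo/releases/download/v1/setup.zip https://redir-two.example/x/7f3
10.0.0.9 200 https://docs.example.org/manual.pdf -
"""

# Assumption: hosts treated as file-share platforms and extensions treated as payloads.
FILE_SHARE_HOSTS = {"github.com", "objects.githubusercontent.com"}
PAYLOAD_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".msi")


def parse_log(text):
    """Parse the simplified four-column log into event dicts, in log order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, status, url, referer = line.split()
        events.append({
            "client": client,
            "status": int(status),
            "url": url,
            "referer": None if referer == "-" else referer,
        })
    return events


def build_chains(events):
    """Link events per client by referer: each hop's referer is the previous URL."""
    by_referer = defaultdict(list)
    for ev in events:
        if ev["referer"] is not None:
            by_referer[(ev["client"], ev["referer"])].append(ev)

    chains = []
    for ev in events:
        if ev["referer"] is not None:
            continue  # a chain starts at a page reached with no referer
        chain = [ev]
        seen = {ev["url"]}
        while True:
            nxt = by_referer.get((chain[-1]["client"], chain[-1]["url"]))
            if not nxt or nxt[0]["url"] in seen:
                break  # end of chain, or a referer loop
            chain.append(nxt[0])  # assumption: follow the first branch only
            seen.add(nxt[0]["url"])
        chains.append(chain)
    return chains


def is_payload_download(ev):
    """True when the event is a successful fetch of a payload-like file from a file-share host."""
    parsed = urlparse(ev["url"])
    return (ev["status"] == 200
            and parsed.hostname in FILE_SHARE_HOSTS
            and parsed.path.lower().endswith(PAYLOAD_EXTENSIONS))


def find_suspicious_chains(log_text, min_hops=2):
    """Return chains with >= min_hops redirect hops that terminate in a payload download."""
    findings = []
    for chain in build_chains(parse_log(log_text)):
        hops = sum(1 for ev in chain if 300 <= ev["status"] < 400)
        if hops >= min_hops and is_payload_download(chain[-1]):
            findings.append({
                "client": chain[0]["client"],
                "entry": chain[0]["url"],
                "hops": hops,
                "final_url": chain[-1]["url"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_chains(SAMPLE_LOG):
        print(finding)
```

The chain is keyed on the referer header, so a redirector that strips referers breaks the link; in that case correlate on client and timestamp proximity instead. The hop threshold is what separates this pattern from an ordinary single redirect to a legitimate release download.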