Cracked software is offered for free, and users who download it are usually trying to avoid paying for software licenses or gaming content. A brief scan of active warez sites reveals listings for Windows, macOS, and Linux applications, including Adobe Photoshop, various creative applications, enterprise versions of Windows software, and a host of films and games.
However, if you risk the download, you might be opening your machine up to infection – and the same applies if you download software you trust from a suspicious web address.
In the case documented by Zscaler, Vidar is spread by the threat actors through phishing and social media networks, including Mastodon, which are widely abused to facilitate attacks.
Mastodon is decentralized, open-source software used to run self-hosted social networks. In two instances, the cyber criminals created new user accounts and stored command-and-control (C2) server addresses in their 'profile' sections.
In a new development, the Vidar group is also opening Telegram channels with the same C2 address stored in the channel description. By doing so, malware implanted on vulnerable systems can fetch its C2 configuration from these channels.
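The pattern described above, where the implant reads a public profile or channel description and then connects to the address it finds there, is often called a dead-drop resolver, and it leaves a recognisable sequence in proxy logs. The following is an added detection example, not code from Zscaler or from the article: it walks a few constructed proxy log lines and flags a client that fetches a Mastodon profile page (assumed to be served at `/@<user>` or via `/api/v1/accounts/`) or a Telegram channel preview (assumed host `t.me`) and then, within a short window, contacts a bare-IP host. The log format, window size and URL shapes are assumptions for this demonstration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed proxy log lines (not from the article): "<time> <client> <host> <path>"
SAMPLE_LOG = """\
2022-04-20T10:00:01 10.0.0.5 mastodon.example.social /@someuser
2022-04-20T10:00:04 10.0.0.5 203.0.113.10 /
2022-04-20T10:00:30 10.0.0.7 t.me /s/somechannel
2022-04-20T10:05:00 10.0.0.7 www.microsoft.com /software-download/windows11
2022-04-20T11:00:00 10.0.0.9 203.0.113.10 /
"""

# Request shapes that read a public profile or channel description.
# Assumption: Mastodon web profiles live at /@<user> and the REST API at
# /api/v1/accounts/...; Telegram channel previews are served from t.me.
PROFILE_PATHS = [
    (re.compile(r"^/@[^/]+/?$"), "mastodon-profile"),
    (re.compile(r"^/api/v1/accounts/"), "mastodon-accounts-api"),
]
TELEGRAM_HOSTS = {"t.me", "telegram.me"}
WINDOW = timedelta(minutes=2)  # assumed: how soon after the fetch the C2 contact follows


def parse_line(line):
    """Split one constructed log line into (timestamp, client, host, path)."""
    ts, client, host, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, host, path


def profile_fetch_label(host, path):
    """Return a label if the request reads a profile/channel page, else None."""
    if host in TELEGRAM_HOSTS:
        return "telegram-channel"
    for pattern, label in PROFILE_PATHS:
        if pattern.match(path):
            return label
    return None


def is_raw_ip(host):
    """True when the Host value is a bare IP address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def detect_dead_drop_resolution(log_text, window=WINDOW):
    """Flag a client that reads a profile/channel page and then, within
    `window`, contacts a bare-IP host: the sequence a dead-drop resolver produces."""
    alerts = []
    last_profile_fetch = {}  # client -> (time, label, host)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse_line(line)
        label = profile_fetch_label(host, path)
        if label:
            last_profile_fetch[client] = (ts, label, host)
            continue
        if client in last_profile_fetch and is_raw_ip(host):
            t0, label, src = last_profile_fetch[client]
            if timedelta(0) <= ts - t0 <= window:
                alerts.append({
                    "client": client,
                    "dead_drop": f"{label} on {src}",
                    "suspected_c2": host,
                    "seconds_after_fetch": int((ts - t0).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_dead_drop_resolution(SAMPLE_LOG):
        print(alert)
```

Ordinary users also browse Mastodon and Telegram, so this is a hunting query rather than a blocking rule: the value is in the pairing of a profile read with an immediate connection to a bare IP, and a hit should be correlated with the process that issued the request before acting on it.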
Vidar is a nasty form of malware able to spy on users and steal their data, including OS information, browser history, online account credentials, financial data, and various cryptocurrency wallet credentials. Vidar is also spread through the Fallout exploit kit.
While the fake website pretends to be the official download portal, the malicious file on offer is an .ISO hiding the Vidar payload and packed with Themida. A static configuration is used to access the C2, but social media profiles can also be used as backup URLs.
In addition to the .ISO files being distributed as fake Windows 11 installers, Zscaler also uncovered a GitHub repository storing backdoored versions of Adobe Photoshop, another popular option for warez sites.
The best option to mitigate the risk of Vidar is to only download software from trusted, official domains – and to not give in to the lure of free, cracked software.
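"Only download from official domains" is easy to state and easy to get wrong in code: a naive substring match accepts `microsoft.com.example-warez.test`, and a URL with a decoy before an `@` fools anyone who reads the netloc by eye. The following is an added example, not code from the article or from Zscaler, that applies the mitigation as a download-URL check: it matches the host against a small assumed allowlist by exact name or proper subdomain only, flags lookalike hosts, flags disk images (the .ISO delivery described above) from untrusted hosts, and warns when an official host is fetched without HTTPS. The allowlist entries are example values, not a vetted list.

```python
from posixpath import splitext
from urllib.parse import urlsplit

# Assumed allowlist of official vendor download hosts (example values chosen for
# this demonstration, not a vetted corporate list).
TRUSTED_DOMAINS = {"microsoft.com", "adobe.com"}
DISK_IMAGE_EXTS = {".iso", ".img"}


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """Exact or proper-subdomain match only, so 'microsoft.com.evil.test'
    and 'notmicrosoft.com' are both rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def looks_like_lookalike(host, trusted=TRUSTED_DOMAINS):
    """A trusted name embedded in an untrusted host (typosquat / subdomain trick)."""
    host = host.lower()
    return any(d in host for d in trusted) and not host_is_trusted(host, trusted)


def assess_download(url):
    """Return ("allow" | "warn" | "block", [reasons]) for a download URL."""
    parts = urlsplit(url)
    # .hostname strips userinfo and port, so 'https://microsoft.com@evil.test/'
    # resolves to the real host, evil.test, not the decoy before the '@'.
    host = parts.hostname or ""
    ext = splitext(parts.path)[1].lower()
    reasons = []
    if not host_is_trusted(host):
        reasons.append(f"host {host!r} is not an official download domain")
        if looks_like_lookalike(host):
            reasons.append("host embeds a trusted vendor name (lookalike)")
        if ext in DISK_IMAGE_EXTS:
            reasons.append(f"disk image ({ext}) offered by an untrusted host")
        return "block", reasons
    if parts.scheme != "https":
        reasons.append("official host but not fetched over HTTPS")
        return "warn", reasons
    return "allow", reasons


if __name__ == "__main__":
    # Constructed URLs for the demonstration; the hosts are not real sites.
    for candidate in (
        "https://www.microsoft.com/software-download/windows11",
        "https://microsoft.com.example-warez.test/Win11.ISO",
        "https://microsoft.com@evil.test/setup.iso",
        "http://download.adobe.com/photoshop.exe",
    ):
        print(candidate, "->", assess_download(candidate))
```

The check is deliberately conservative: an unknown host is blocked outright rather than scored, because the decision the article recommends is binary (official source or not), and the extra reasons exist only to explain the block to the user or analyst.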
"The threat actors distributing Vidar malware have demonstrated their ability to social engineer victims into installing Vidar stealer using themes related to the latest popular software applications," the researchers say. "As always, users should be cautious when downloading software applications from the Internet."