
Hackers use fake Windows 11 downloads to spread Vidar malware



About the Malware: The malicious ISO files were included on the counterfeit websites to facilitate the download and installation of the Vidar info-stealer malware on the target PCs, according to cybersecurity specialists.

  • Vidar is a well-known information stealer that harvests data from users and monitors their activity; spyware of this kind is primarily intended to steal sensitive data from its victims.

  • The ISO that contains the executable is unusually large (over 300MB) so that it escapes scanning by security solutions.

  • The hackers sign the file with an expired Avast certificate, which was most likely stolen during the company's security incident in October 2019.

  • Vidar connects to a C2 server and then requests legitimate DLL files from it, which it uses to collect vital and sensitive data from the infected systems.

  • The DLL files that are requested are:
      • sqlite3.dll
      • vcruntime140.dll

  • The threat actor additionally abused Mastodon and Telegram, storing the C2 IP address in the description fields of vulnerable communities and accounts.
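The indicators above (an inflated image, a file signed with a certificate that had already expired, and media served from a site that is not Microsoft's) can be turned into a simple download-triage check. The script below is an added example, not code from the original post or from any vendor: it scores a record describing a downloaded "Windows 11" image against those indicators. Raw size alone does not separate a fake from genuine Windows media (a real ISO is several gigabytes), so the size check only fires together with a null-byte padding check on the file's tail. The 300MB threshold comes from the post; the trusted-host list, the 90% padding ratio, the field names and the two sample records are assumptions and constructed data.

```python
"""Triage heuristics for a downloaded "Windows 11" installer image.

Added example, not code from the original post. It checks a download
record against the indicators the post describes: an image inflated past
what scanners inspect (post: over 300MB), a code-signing certificate that
had already expired when the file was signed, and a download host that is
not an official Microsoft distribution domain. Thresholds, the trusted-host
list and the sample records below are assumptions / constructed data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional
from urllib.parse import urlparse

# Size the post gives for the inflated ISO (assumption: used as a threshold).
SIZE_THRESHOLD_BYTES = 300 * 1024 * 1024
# Assumption: Windows media should only be fetched from Microsoft-owned hosts.
OFFICIAL_HOST_SUFFIXES = ("microsoft.com",)
# Assumption: if more than 90% of the sampled tail is null bytes, treat it as padding.
PADDING_RATIO = 0.9


@dataclass
class DownloadRecord:
    url: str
    size_bytes: int
    signer: Optional[str]               # subject of the signing certificate, None if unsigned
    cert_not_after: Optional[datetime]  # certificate expiry (notAfter)
    signed_at: Optional[datetime]       # signing time from the signature, or file mtime as a fallback
    tail_bytes: bytes = b""             # last chunk of the file, sampled for the padding check


def download_host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def host_is_official(url: str) -> bool:
    # Exact match or proper subdomain only, so "microsoft.com.evil.example" is rejected.
    host = download_host(url)
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_HOST_SUFFIXES)


def cert_expired_at_signing(rec: DownloadRecord) -> bool:
    # Unknown dates are not evidence either way; only a signature made after expiry counts.
    if rec.cert_not_after is None or rec.signed_at is None:
        return False
    return rec.signed_at > rec.cert_not_after


def null_padding_ratio(tail: bytes) -> float:
    if not tail:
        return 0.0
    return tail.count(0) / len(tail)


def triage(rec: DownloadRecord) -> List[str]:
    """Return human-readable findings; an empty list means nothing matched."""
    findings: List[str] = []
    if not host_is_official(rec.url):
        findings.append(f"unofficial download host: {download_host(rec.url)}")
    if rec.signer is None:
        findings.append("installer is not code-signed")
    elif cert_expired_at_signing(rec):
        findings.append(
            f"signed by '{rec.signer}' after that certificate expired ({rec.cert_not_after:%Y-%m-%d})"
        )
    ratio = null_padding_ratio(rec.tail_bytes)
    if rec.size_bytes > SIZE_THRESHOLD_BYTES and ratio > PADDING_RATIO:
        findings.append(f"inflated image: {rec.size_bytes / 2**20:.0f} MB with {ratio:.0%} null-byte tail")
    return findings


# Constructed sample records (not real downloads or real certificates).
FAKE_ISO = DownloadRecord(
    url="https://win11-free-upgrade.example/Windows11.iso",
    size_bytes=320 * 1024 * 1024,
    signer="ExampleVendor Code Signing (constructed)",
    cert_not_after=datetime(2019, 10, 1, tzinfo=timezone.utc),
    signed_at=datetime(2022, 4, 1, tzinfo=timezone.utc),
    tail_bytes=b"\x00" * 4096,
)
GENUINE_ISO = DownloadRecord(
    url="https://www.microsoft.com/software-download/windows11",
    size_bytes=5500 * 1024 * 1024,
    signer="Microsoft Corporation",
    cert_not_after=datetime(2023, 6, 1, tzinfo=timezone.utc),
    signed_at=datetime(2022, 3, 1, tzinfo=timezone.utc),
    tail_bytes=bytes(range(256)) * 16,
)

if __name__ == "__main__":
    for name, rec in (("fake", FAKE_ISO), ("genuine", GENUINE_ISO)):
        print(name, triage(rec) or ["no findings"])
```

In practice the record fields would be filled from the browser's download history and from the file's Authenticode signature (for example via `signtool verify /v` or `Get-AuthenticodeSignature` on Windows); the genuine record produces no findings even though it is far larger than 300MB, while the fake one is flagged on host, signature and padding.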

Recommendation

  • Never download a file or an installer from an unknown source.

  • Be cautious before downloading or opening any unknown attachment.

  • Avoid cracked software.

  • Always use a powerful antivirus program.

  • Do not download any crack for the paid version.

