Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 12/10/2021

12th of October 2021 - Winners of the 41st week: Redline, NjRAT and FormBook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.

Threat statistics report

Publication date: 12/10/2021

Distribution: TLP:WHITE

What's new?

Vidar(NC)

Vidar Stealer Abuses Mastadon Social Network

#Cyberint researchers have unveiled a new #Vidar malware campaign. The specificity of this campaign is that the list of Command and Control (#C2) servers is dynamically retrieved from a #Mastodon instance. Mastodon is a social network, usually compared to #Twitter, and most of the time a trusted destination network even in a professional context. This configuration lets the infected host connect to a pre-defined Mastodon profile with a POST request containing the Vidar campaign ID and receive the C2 configuration in return. Each C2 involved had between 500 and 1500 campaign IDs, which indicates the popularity of the stealer. Vidar is an information stealer that has been active since October 2018 and is linked to the former #Arkei Stealer. Its simplicity and ongoing development have made Vidar a popular stealer. Vidar is sold on underground forums or on some #Telegram channels for $150 to $750 and is totally independent. Vidar is mostly used to steal web browser personal information such as credentials, cookies or credit card details, cryptocurrency wallets, or files matching pre-defined regexes, from streamers, social media influencers or just private individuals.

https://blog.cyberint.com/vidar-stealer-abuses-mastadon-social-network
