Operators of the Vidar and RedLine information stealers have begun delivering ransomware through the same delivery tactics they first used to distribute the infostealers, suggesting their operations are being streamlined, The Hacker News reports.
According to a Trend Micro report, the threat actors first sent an unspecified victim phishing emails in July carrying infostealer malware signed with Extended Validation (EV) code signing certificates, then followed up with a fraudulent TripAdvisor complaint attachment that led to ransomware deployment.
The researchers noted that no EV certificates were found in the files used to drop the ransomware.
"However, the two originate from the same threat actor and are spread using the same delivery method. We can therefore assume a division of labor between the payload provider and the operators," said researchers.
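The distinguishing detail in the Trend Micro findings is the code signature: EV-signed infostealer on the first stage, no EV certificate on the ransomware droppers. The following Python triage script is an added example, not code from the article or from Trend Micro. It walks a PE file's optional header to the Authenticode security directory, reports whether a WIN_CERTIFICATE blob is present, and checks the blob for the DER encoding of the CA/Browser Forum EV code-signing policy OID (2.23.140.1.3). The `build_sample_pe` helper and the two `SAMPLE_*` blobs are constructed test data standing in for real PKCS#7 SignedData, not real signatures, and the OID match is a heuristic for triage, not signature verification.

```python
import struct
import sys

# DER encoding of OID 2.23.140.1.3 (CA/Browser Forum EV code signing policy):
# tag 0x06, length 5, then 2.23 -> 0x67, 140 -> 0x81 0x0C, 1 -> 0x01, 3 -> 0x03
EV_CODE_SIGNING_OID_DER = b"\x06\x05\x67\x81\x0c\x01\x03"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002     # wCertificateType for Authenticode


def inspect_authenticode(data: bytes) -> dict:
    """Locate the certificate table of a PE image and report whether an
    Authenticode blob is attached and whether it contains the EV policy OID.
    This is a triage heuristic; it does not validate the signature or chain."""
    result = {"signed": False, "ev_policy_oid": False, "cert_type": None, "blob_len": 0}
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    opt_off = e_lfanew + 4 + 20                 # skip PE signature and COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:                          # PE32
        nrva_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:                        # PE32+
        nrva_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    if struct.unpack_from("<I", data, nrva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return result                           # no certificate table entry at all
    sec_off = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # For the security directory the "VirtualAddress" field is a raw file offset.
    cert_off, cert_size = struct.unpack_from("<II", data, sec_off)
    if cert_off == 0 or cert_size == 0:
        return result
    if cert_off + 8 > len(data):
        raise ValueError("certificate table points outside the file")
    dw_length, _revision, w_type = struct.unpack_from("<IHH", data, cert_off)
    blob = data[cert_off + 8:cert_off + dw_length]   # bCertificate (PKCS#7 SignedData)
    result.update(signed=True, cert_type=w_type, blob_len=len(blob))
    result["ev_policy_oid"] = EV_CODE_SIGNING_OID_DER in blob
    return result


def build_sample_pe(cert_blob: bytes, pe32plus: bool = True) -> bytes:
    """Construct a minimal, non-executable PE image whose certificate table
    points at cert_blob. Constructed test data for this example only."""
    opt_size = 240 if pe32plus else 224         # optional header incl. 16 data directories
    cert_off = 0x200                            # place the certificate table after the headers
    buf = bytearray(cert_off)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)     # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    coff_off = 0x44
    struct.pack_into("<HHIIIHH", buf, coff_off,
                     0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x22)
    opt_off = coff_off + 20
    struct.pack_into("<H", buf, opt_off, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", buf, opt_off + (108 if pe32plus else 92), 16)  # NumberOfRvaAndSizes
    dirs_off = opt_off + (112 if pe32plus else 96)
    if cert_blob:
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        struct.pack_into("<II", buf, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, len(win_cert))
        buf += win_cert
    return bytes(buf)


# Constructed stand-ins for a PKCS#7 SignedData blob (assumption: not real signatures).
_SIGNED_DATA_PREFIX = b"\x30\x80\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
SAMPLE_EV_BLOB = _SIGNED_DATA_PREFIX + b"\x30\x07" + EV_CODE_SIGNING_OID_DER
SAMPLE_PLAIN_BLOB = _SIGNED_DATA_PREFIX


if __name__ == "__main__":
    # Usage: python authenticode_triage.py sample.exe  (falls back to the constructed samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], inspect_authenticode(fh.read()))
    else:
        for name, blob in (("ev", SAMPLE_EV_BLOB), ("plain", SAMPLE_PLAIN_BLOB), ("unsigned", b"")):
            print(name, inspect_authenticode(build_sample_pe(blob)))
```

A hit on the EV policy OID only means the embedded certificate chain asserts that policy; it says nothing about whether the signature is valid, the certificate is revoked, or the chain terminates at a trusted root. Use it to sort a batch of dropped files into "claims EV", "signed, non-EV" and "unsigned" buckets, then run real verification (for example `signtool verify /v /a` on Windows or `osslsigncode verify` elsewhere) on anything you intend to trust or block on the basis of its signer.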
The findings follow an IBM X-Force study showing that an updated version of the DBatLoader malware loader has been used in new phishing attacks distributing Warzone RAT and Agent Tesla since June.
Vidar, RedLine operators pivot to ransomware