Per HackRead, scammers are exploiting the popularity of short video formats on platforms like TikTok and Instagram Reels to distribute the Vidar infostealer malware, a departure from traditional phishing tactics.This new attack method, reported by ReversingLabs, involves creating seemingly helpful tutorial videos that promise free access to premium applications such as Spotify Premium or Microsoft Word. These videos often mimic official branding, like using a Windows-like icon and username, to build trust. Scammers instruct users to execute commands in their operating system's terminal, which secretly downloads and runs malicious payloads. Another tactic involves posting casual clips showcasing premium app features and prompting users to comment for instructions, leading them to fake download sites that deliver malware or redirect to surveys.These videos gain traction by leveraging platform algorithms that favor saved and shared content, with one tracked video reaching over 109,000 views. The downloaded file, build.exe, contains the Vidar Infostealer, a malware-as-a-service that steals passwords, banking data, and browser cookies. Defending against these attacks is challenging as scammers can delete critical comments, and platforms have sometimes rejected scam reports. Users are advised to avoid executing untrusted commands, and organizations should train employees to recognize these evolving social media-based threats.Source: HackRead
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds