Ecommerce firms are being targeted by this dangerous malware - here's how to stay safe


If you’re running an ecommerce business, be mindful of emails from alleged customers claiming they were erroneously charged, as these could well be phishing attempts looking to distribute malware.

BleepingComputer obtained a copy of one such email, which, in addition to the erroneous-charge claim, shares a “bank statement” that serves as “proof” of the erroneous transaction.

However, the bank statement ultimately leads to the deployment of the Vidar infostealer. There are also other methods that lead to the same endgame, including a fake Google Drive link with files such as “bank_statement.scr”.
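A defender-side check for the lure named above, as an added example that is not from the article or from BleepingComputer: it triages attachment or download filenames for Windows-executable extensions hiding behind document-style names. The extension sets, the lure-word list and the sample filenames are assumptions constructed for illustration.

```python
import unicodedata
from pathlib import PureWindowsPath

# Extensions Windows runs directly; ".scr" (screensaver) is an ordinary executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".vbs", ".wsf", ".hta", ".lnk", ".msi", ".ps1", ".jar"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".csv",
                 ".jpg", ".png"}
# Assumed lure vocabulary for "erroneous charge" themed mail.
LURE_WORDS = ("statement", "invoice", "receipt", "refund", "transaction", "payment")


def triage_filename(name):
    """Return the reasons a filename looks like a disguised executable."""
    reasons = []
    # Bidi/format controls (e.g. U+202E) can visually reverse the extension.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("format-control character in name")
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    cleaned = cleaned.rstrip(". ")
    suffixes = [s.lower() for s in PureWindowsPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return reasons
    reasons.append(f"executable extension {suffixes[-1]}")
    if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension {suffixes[-2]}{suffixes[-1]}")
    if any(word in cleaned.lower() for word in LURE_WORDS):
        reasons.append("document-style lure name on an executable")
    return reasons


def scan(names):
    """Map each suspicious filename to its findings; clean names are omitted."""
    return {n: r for n in names if (r := triage_filename(n))}


# Constructed sample input: filenames as they might appear in a mail gateway log.
SAMPLE_NAMES = [
    "bank_statement.scr",
    "bank_statement.pdf",
    "refund_proof.pdf.SCR ",
    "bank_statement\u202efdp.scr",  # renders with a reversed, PDF-looking tail
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_NAMES).items():
        print(repr(name), "->", "; ".join(findings))
```
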


Fake transactions

Vidar is an infamous trojan capable of stealing all kinds of sensitive information from the target endpoint: browser cookies, browser history, saved passwords, cryptocurrency wallets, text files, Authy two-factor authentication information, and more. Vidar can also grab screenshots.

Once the trojan collects sensitive data, it will create a folder containing all the information and upload it to a remote server, for the attacker’s convenience. After that, the contents of the folder will be deleted, leaving only an empty folder as proof of the exfiltration. 

Usually, the threat actors do one of two things with the stolen data: use it for stage two attacks (deploying ransomware, engaging in extortion, identity theft, wire fraud, or similar), or sell it on the black market for someone else to exploit.

If you received an email such as this one that proved to be a fake, make sure to scan your computer with antivirus programs and endpoint security solutions to remove any possible malware or trojans. If the programs find evidence of compromise, it’s pivotal that you change your passwords, especially those associated with money.


Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.