Vidar Infostealer Malware Hits npm Ecosystem
Datadog Security Research uncovered a supply chain attack on the npm ecosystem: 17 malicious packages built to deliver the Vidar infostealer to Windows systems. The campaign, attributed to the threat actor cluster MUT-4831, represents a significant escalation in npm-based threats. The packages masqueraded as legitimate software development kits and libraries; their payload was a downloader launched from a postinstall script, so merely installing one of them as a dependency was enough to trigger it. Despite their benign presentation, the packages accumulated at least 2,240 downloads before removal. The install-time chain downloaded an encrypted ZIP archive, decrypted it, and executed the Windows PE binary it contained, bridle.exe. That binary is the Vidar v2 infostealer, which aggressively harvests sensitive data, packages it into ZIP archives, and exfiltrates it to command-and-control servers. Rather than embedding a C2 address directly, the malware uses hardcoded Telegram and Steam accounts as dead-drop resolvers, reading the currently active C2 domain from them at runtime; because operators can rotate the C2 without changing the binary, blocklists built from observed C2 domains age quickly, complicating post-compromise detection and incident response.