RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro researchers have been observing the malware families RedLine and Vidar since the middle of 2022, when both were used by threat actors to target victims via spear-phishing scams. Earlier this year, RedLine targeted the hospitality industry with its info stealer malware. Trend Micro's latest investigations show that the threat actors behind RedLine and Vidar now distribute ransomware payloads with the same delivery techniques they use to spread info stealers. This suggests that the threat actors are streamlining operations by making their techniques multipurpose.

In the particular case that Trend Micro researchers investigated, the victim initially received a piece of info stealer malware signed with Extended Validation (EV) code signing certificates. After some time, however, the same victim started receiving ransomware payloads via the same route.

Source: Trend Micro