The threat actors behind the Vidar malware continue to make changes to their back-end infrastructure, indicating attempts to retool and conceal their online trail.
The infection control company Team Cymru reports that the infections have increased their traffic from Moldova and Russia.
The attack has also continued to use a domain that had a new IP address, 185.229.64.49, by the end of March 2023, with the threat actors accessing the latter through VPN servers around the same time.
The Vidar infrastructure received yet another facelift effective May 3, 2023, the company reports.
New domain names and physical addresses are revealed in the analysis.
For example, the attackers’ favorite domain is myodin.