E-commerce means big business in the 21st century and it proves a highly attractive target to threat actors, as online sellers are now finding out. 

The e-commerce industry is estimated to hit $4.11 trillion in 2023, and its size gives threat actors many reasons to attack online merchants. Taking control of a seller’s account instantly provides hackers with a treasure chest of personal information about their customers, e.g. payment methods, personal identifiers, and email addresses. It’s also common for threat actors to lace these compromised inventories and shops with malicious JavaScript code, which can then record credit card details during the checkout process. 

Therefore, this latest attack, which uses the Vidar malware to advance its payload, is one that you need to be aware of. 

How is Vidar Causing Havoc in the Digital Aisles? 

The attack launched against online sellers uses a combination of social engineering and phishing emails to deceive its targets. Threat actors are posing as disgruntled customers who claim to have had large amounts of money deducted from their bank without an order being processed. Using a bit.ly URL – which is typically used to shorten long URLs, but also hides the true destination of the link – the sender of the email advises the merchant to investigate a screenshot of their bank account. This, they claim, will show proof that funds have been taken. 
 
Clicking this link will take the victim to a malicious website designed to look like a genuine Google Drive account. Here, the victim is encouraged to download a .PDF of the bank statement which the sender claims will demonstrate that an illegal transaction has taken place. However, rather than downloading a .PDF, the victim will instead download a file called bank_statement.scr. And this file contains the Vidar malware. 
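The mismatch described above, a promised .PDF that arrives as bank_statement.scr, can be checked mechanically before anyone opens the file. The following Python sketch is an added example, not part of the original article; the function names and sample bytes are constructed for illustration, and it generalizes slightly by also flagging double extensions and renamed executables.

```python
import os

# Extensions Windows runs on double-click; .scr (screensaver) is a normal PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}

# Leading bytes ("magic") of the two formats relevant here.
MAGIC = {
    "pdf": b"%PDF-",
    "pe": b"MZ",  # DOS/PE header used by .exe, .scr and .dll files
}


def sniff_type(head: bytes) -> str:
    """Return the format suggested by the first bytes of a file."""
    for name, magic in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"


def check_download(filename: str, head: bytes, promised: str = "pdf") -> list[str]:
    """Return the reasons a download does not match what the sender promised."""
    reasons = []
    base = os.path.basename(filename.replace("\\", "/")).strip().lower()
    ext = os.path.splitext(base)[1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
        # Names like statement.pdf.scr rely on Explorer hiding the final extension.
        if len(base.split(".")) > 2:
            reasons.append("double extension")
    actual = sniff_type(head)
    if actual == "pe":
        reasons.append("content is a Windows executable (MZ header)")
    if actual != promised:
        reasons.append(f"content is {actual}, not the promised {promised}")
    return reasons


# Constructed samples: only the first bytes of each file are needed.
SAMPLES = [
    ("bank_statement.scr", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("bank_statement.pdf", b"%PDF-1.7\n"),
    ("bank_statement.pdf", b"MZ\x90\x00"),  # executable renamed to .pdf
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_download(name, head) or "ok")
```

An empty list means the name and the content both agree with what was promised; any entry is a reason to hand the file to an IT professional rather than open it.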

Vidar was first discovered in 2018 and its method of attack is well known. A classic data miner, Vidar will steal information such as passwords, browser cookies, and text files, and will also take screenshots of the infected PC. After this data is uploaded to a remote location, the threat actors can easily download it and use it to exploit the victim further, e.g. by selling login credentials on the dark web or accessing other user accounts using the same information. 

Taking Vidar Back to the Store 

If you believe that your PC has been breached by Vidar, the good news is that most anti-virus tools will pick it up and eradicate it from your system. Nonetheless, it’s always better to not get infected in the first place. Therefore, make sure you follow these best practices to avoid falling victim to Vidar: 

Pick up on suspicious language: phishing emails are full of telltale signs, but you need to know what you’re looking for. Firstly, look out for urgency, fear, and excitement-inducing words. Secondly, watch for requests to disclose personal information or click on suspicious links. And, finally, pay attention to poor grammar or spelling errors. 

Only download from trusted sources: it’s advisable to only download files from sources you can verify are genuine. Downloading files from customers, even if they are genuine, should be avoided wherever possible. These files could, as the Vidar attack has shown, contain anything. In a scenario where you need verification, always turn to an IT professional. 

Use anti-phishing tools: installing anti-phishing software is a good way to enhance your protection against phishing attacks. These tools can be implemented as either browser extensions or part of a security suite. Once they detect an attempt at phishing, they will block the content and present you with a warning in its place. 

For more ways to secure and optimize your business technology, contact your local IT professionals.



We all know that hacking goes on. And it certainly goes on in business. But how much do we know about it? The truth is we don’t know as much as we should.

The general consensus is that most people know what a hacker is and how they go about their business. This is why there are so many anti-hacking products available. However, using these products on their own isn’t enough to guarantee safety. In fact, there is no guarantee. But you can enhance your protection significantly with an understanding of the basics of hacking. It’s important to know what a hacker is attempting to do. With this in mind, you have a much better chance of preventing or resolving the hack.

What is Hacking?

Hacking causes chaos. Lots of chaos. And that’s not an understatement. But what exactly is it? It can be many things, but the basic core of hacking is to compromise devices. These can include PCs, networks and smart devices. Regardless of the device, a hacker wants to gain unauthorized access to it. Sometimes this access is used to steal data and sometimes it is used to cause sabotage. There is a wide range of techniques involved and we’ll take a look at them later.

Who are the Hackers?

The traditional image of a hacker that most people have in their minds isn’t entirely accurate. The pimply nosed, teenage hacker of cartoons may well exist in one form or another, but they’re not the only hacker out there. Due to the financial gain on offer from hacking, a number of criminal gangs are now developing sophisticated hacking methods to earn a nice income. And then there are the political gains that can be provided by hacking. There is a wide range of hackers out there, but identifying them is very difficult as they’re notoriously good at covering their tracks.

What Type of Hacks Are There?

The complexities of IT software and hardware mean that there is the potential for a variety of hacking techniques. Some of the most common methods are:

  • Ransomware: This is every organization’s worst nightmare. A relatively new form of malware, ransomware is spread through malicious emails that encourage recipients to click a link. If these links are clicked then a series of processes are executed that leave the victim’s hard drive encrypted. And the only way to decrypt the files is by paying a cryptocurrency ransom. 
