Vidar Audio Barrier Maximizer v2.0.0 VST3 AU AAX WiN macOS [FREE]
UPDATE V2.0.0!
STYLE parameter is added.
STYLE1 improves the existing sound quality.
STYLE2 is aggressive with a
#AAX #AppleSilicon #AU #bass #boost #Crossover #Dance #DEMO #drive #free #Groove #Intel #kick #l #loudness #MacOS #Maximizer #music #Stereo #Update #Vidar #VidarAudio #VST3 #Windows
Vidar Audio Hammer v1.5.0 VST3 AU AAX Windows macOS [FREE]
V1.5.0 update! added DRIVE input saturator
HAMMER is a hybrid modern and vintage compressor/limiter.
And best of all, the plugin is free.
#AAX #AppleSilicon #AU #compressor #drive #easy #free #hybrid #Intel #l #Limiter #MacOS #Mix #other #Peak #RMS #Update #Vidar #VidarAudio #Vintage #VST3 #Windows #x64
📬 AI videos on YouTube spread infostealer malware instead of cracks
#Malware #Streaming #AutoCAD #Cracks #gecrackteSoftware #Infostealer #KIVideo #Photoshop #PremierePro #Raccoon #RedLine #Vidar #YouTube https://tarnkappe.info/artikel/streaming/ki-videos-auf-youtube-verbreiten-infostealer-malware-statt-cracks-266971.html
A few weeks ago I found a malicious Google Ad leading to the Vidar stealer.
The payload was hosted on a previously long dormant GitHub account, https://github.com/hgmbln.
After years of no activity, they forked a legitimate project and added Vidar as a release. In the last two days, they have done the same, this time adding an unknown malware as the release.
This account was reported, but is still active.
I uploaded a sample to Malshare.
https://malshare.com/sample.php?action=detail&hash=5e3ec6d90677736003fe42566ecb0ceb1352bb39460a46a52a1a41b2a7a3eca1
Ah, it's #Vidar according to Triage. Had to use the payload it grabbed.
104.156.149[.]33/yes/193TIuetnayqZtaKBfkSOsoCtZH.exe
@cyberlibrarian Agreed, it's risky business for users who are not already familiar with what the software download site should look like and the correct URL for it.
I got the sample. It looks like most of the samples I get recently. A ZIP file with lots of unused files and a very large EXE. Both of those alone make it harder on the current sandboxes. So I just extract the EXE, truncate it, then lob it into a variety of sandboxes.
Joe Sandbox was doing great at identifying them, but ran out of my monthly quota 😭
Your sample comes back as #Vidar
Day 1️⃣1️⃣ of #100DaysOfYara - Browser Extensions Targeted by Vidar #InfoStealer
🔗 https://github.com/colincowie/100DaysOfYara_2023/blob/main/January/011/011.md
For today's rule I took a look at the #Vidar 1.9 sample mentioned in @teamcymru_S2 's 🔥 research:
https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure
#100DaysofYARA #infostealer #vidar
Hey :)
We published a detailed report on #Vidar infrastructure management, explaining how they are working. We also share malware configuration extractor over the C2, backend IPs, etc:
https://team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure
Happy Hunting and feedback warmly welcomed 😊
[Threatview.io] 🕵️♂️Malware #Vidar using #TikTok as C2
⚙️https://tria.ge/230118-sey4babd63
⚠️ C2: 95.216.178[.]160
#vidar #tiktok #threatintel #cti #cybersecurity
RT @1ZRR4H@twitter.com
🚨 Malware campaigns via Google Ads continue, now #Vidar stealer (botnet 698) with a file of almost 300MB, impersonating #Audacity, #GIMP, #Blender and #TradingView.
/aduducity.org
/qiupm.org
/blenderno.org
/tradervwiev.org
C2:
91.107.158.249
78.47.228.65
#tradingview #Blender #Gimp #AudaCity #vidar
Saw this today on birdsite - apparently there's a massive vidar stealer campaign with 1300+ domains registered with a good amount of typo squatting going on.
https://gist.github.com/qbourgue/a81873df59004858a107a7c10b3a3fd7/
credit to @crep1x@twitter.com
For the time being, they are all registered to a single IP address oddly enough, so instead of vomiting out a massive amount of DNS rules today, I opted to create a rule that catches the query response with the IP address in question.
Additionally, here is triage sandbox run: https://tria.ge/230107-vnc9bahd7x/behavioral2
Finally, suricata sid 2036316 is a part of the ET OPEN ruleset, and will detect Arkei/Vidar/Mars stealer variants -- tested against the pcap generated from the triage run.
Happy Monday, MFers.
#threatintel #malware #infostealer #snort #suricata #vidar #ioc #iocsharing
Really great article from the Sekoia.io team just dropped, looking at the infostealer activity that's been crazy-busy lately.
The Red Canary intel team just saw some of this activity earlier in the week. Our sample was Themida-packed #Raccoon V2, but Sekoia also reports #Vidar distributed this way which surprises me none.
Anyway, really good and very timely article, well worth your time. There were a couple hundred of these samples uploaded to VT over the holidays, and those were just the ones I ran across without looking super hard. There's a ton of this out there right now.
2022-12-29 (Thursday) - Getting ready to shut down for the evening, and I wanted to try one more time.
This time I set up my Windows lab computer as a Brazil host with Portuguese language.
I saw another Google ad, this time to a fake AnyDesk page at computer-remote[.]site.
This time the malware was an #ArkeiStealer variant (#Vidar/#OkiStealer/#MarsStealer/whatever its morphed into now).
Download link: hxxps://computer-remote[.]site/download.php
Download link redirects to a zip file hosted on Dropbox at: hxxps://dl.dropboxusercontent[.]com/s/hpkf0my15vts98l/SetupMain.zip?dl=0
Couldn't get the full zip uploaded to Malware Bazaar, because it was too big. Got it sent to VirusTotal, though.
- https://virustotal.com/gui/file/501830f4752ee2d4edd8f74509c59e4ec41949a71d5300574b574e69974f3e5a
51.8 MB zip download, containing a bunch of crap and a 624 MB Windows EXE file.
I carved the extracted EXE to remove the padding, and the carved sample is available at: https://bazaar.abuse.ch/sample/2e25487
Analysis of the carved EXE:
- https://tria.ge/221230-fk3mgaa
- https://app.any.run/tasks/80236e10-6116-4b50-a1c1-58ac52b52a21
Even though my host was set up for Brazil Portuguese, the fake AnyDesk page and downloaded malware were in English.
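The padded-EXE carving described in this post and in the earlier "extract the EXE, truncate it" post can be automated by reading the PE section table instead of guessing a cut point. This is an added example, not code from either poster; the file it parses is a constructed minimal PE fixture, not a real binary, and the function and constant names are my own.

```python
import struct

SECTION_HEADER_SIZE = 40


def pe_image_end(data: bytes) -> int:
    """Return the file offset just past the last section's raw data.

    Walks DOS header -> PE signature -> IMAGE_FILE_HEADER -> section table.
    Raises ValueError if the buffer does not look like a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_table = e_lfanew + 4 + 20 + opt_size
    end = sec_table + num_sections * SECTION_HEADER_SIZE
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each header
        size_raw, ptr_raw = struct.unpack_from(
            "<II", data, sec_table + i * SECTION_HEADER_SIZE + 16)
        end = max(end, ptr_raw + size_raw)
    return end


def carve_padded_pe(data: bytes) -> bytes:
    """Drop the zero padding appended after the real PE image.

    Keeps headers, every section and any non-zero overlay (signatures and
    installer payloads legitimately live there); only the trailing run of
    null bytes that inflates the file is removed.
    """
    return data[:max(pe_image_end(data), len(data.rstrip(b"\0")))]


def build_padded_sample(padding: int = 4096) -> bytes:
    """Constructed minimal PE32 (one .text section) plus `padding` zero bytes.
    Synthetic test fixture only, not a real or malicious executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\x0b\x01" + b"\0" * 222   # PE32 magic, rest of optional header zeroed
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    raw_ptr, raw_size = 0x200, 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + file_hdr + opt + section).ljust(raw_ptr, b"\0")
    return headers + bytes(range(256)) * 2 + b"\0" * padding
```

Run `carve_padded_pe` over the extracted EXE bytes and write the result out before submitting it to a sandbox; the carved hash is what you compare against public feeds.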
📬 RisePro: Malware targets software pirates
#DarkCommerce #Hacking #Flashpoint #Infostealer #Malware #RisePro #Sekoia #Softwarepiraten #Vidar https://tarnkappe.info/artikel/hacking/risepro-malware-zielt-auf-softwarepiraten-261504.html
Vidar Audio Hammer v1.0.0 VST3 AU AAX WiN Mac [FREE]
HAMMER is a hybrid modern and vintage compressor/limiter.
And best of all, the plugin is free.
This plug-in is compatible with both Windows and Mac and combines ease of use
https://testblog.music-society.de/vidar-audio-hammer-v1-0-0-vst3-au-aax-win-mac-free/vst-vst3-aax-au/musicus/
#VST-VST3-AAX-AU #AAX #AppleSilicon #AU #compressor #easy #free #hybrid #Intel #l #Limiter #MacOS #Mix #other #RMS #Vidar #Vintage #VST3 #Windows #x64
Pretty sneaky for #Vidar malware to hide next stage IP in Gamer Name /Gamer profile on Steam Community.
Malware connects to steamcommunity to get next stage.
Initial vector is on Discord, reported abuse now on URLHaus
https://urlhaus.abuse.ch/url/2431882/
Payload
https://bazaar.abuse.ch/sample/837d4db80b053556a26fcb2ee3aa58b7aacf1f1f6f58be8552982c30325f732b/
#vidar #steam #steamcommunity #malware #infosec #cybersecurity
If the program is paid, first check whether there is another alternative that is free and open source (FOSS).
If there is none, or the FOSS alternative feels unsatisfactory, then buy the license.
RT @CKsTechNews@twitter.com
#YouTube Tutorial Videos Spreading #Vidar and #Raccoon #Malware
The new campaign highlights the fact that downloading cracked software is bad news.
https://www.hackread.com/youtube-videos-vidar-raccoon-malware/
🐦🔗: https://twitter.com/CKsTechNews/status/1591462549781987329