This time the bait is an unexpected account closure and some pending messages: under the pretext of fixing the error, the threat actors try to steal the victim's credentials.
Technical analysis by the malware hunter JAMESWT
A fake SWIFT payment carries the latest cybercrime campaign delivering Vidar. The xz attachment of the email contains an exe, the malware itself: an info stealer that targets passwords, credit cards and cryptocurrency wallets.
A fake SWIFT payment, purportedly from a Chinese company, is the lure of the new global Vidar campaign.
The email's xz attachment contains an exe which, if opened, starts the infection chain.
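The practical check a mail gateway or analyst wants for this chain is simple: an xz attachment whose decompressed content is a Windows executable. The script below is an added example, not code from the article or from the researcher's analysis; it builds a constructed MZ/PE stub and two benign attachments inline (no real Vidar sample), caps decompression to blunt xz bombs (the limit value is an assumption), and flags the xz-wrapping-PE pattern.

```python
# Added example (not from the original article): triage for an xz email
# attachment that unpacks to a Windows executable. All inputs are constructed.
import lzma
import struct

XZ_MAGIC = b"\xfd7zXZ\x00"          # .xz container magic bytes
DECOMPRESS_LIMIT = 64 * 1024 * 1024  # assumed cap to blunt decompression bombs


def is_pe(data: bytes) -> bool:
    """True if data has an MZ DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment: is it an xz container, and is there a PE inside?"""
    verdict = {"filename": filename, "xz": False, "pe": False, "truncated": False}
    if not data.startswith(XZ_MAGIC):
        verdict["pe"] = is_pe(data)      # bare exe sent without a container
        return verdict
    verdict["xz"] = True
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    try:
        payload = dec.decompress(data, max_length=DECOMPRESS_LIMIT)
    except lzma.LZMAError:
        return verdict                   # corrupt stream: cannot inspect, pe stays False
    verdict["truncated"] = not dec.eof   # output hit the cap before end of stream
    verdict["pe"] = is_pe(payload)
    return verdict


def suspicious(verdict: dict) -> bool:
    """The lure pattern of this campaign: an xz archive that unpacks to a PE."""
    return verdict["xz"] and verdict["pe"]


def fake_pe() -> bytes:
    """Constructed minimal MZ/PE header stub, not a runnable program."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    return bytes(hdr) + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 100


def demo() -> dict:
    """Run the check over three constructed attachments; returns name -> flagged."""
    samples = {
        "SWIFT_payment_copy.xz": lzma.compress(fake_pe(), format=lzma.FORMAT_XZ),
        "notes.txt.xz": lzma.compress(b"just text\n", format=lzma.FORMAT_XZ),
        "invoice.pdf": b"%PDF-1.4\n%constructed placeholder\n",
    }
    return {name: suspicious(triage_attachment(name, blob)) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, flag in demo().items():
        print(f"{name}: {'SUSPICIOUS' if flag else 'ok'}")
```

The decompression is done with an explicit `LZMADecompressor` rather than `lzma.decompress` so that output can be capped and the `truncated` flag tells the analyst the sample exceeded the limit, which is itself a reason to quarantine rather than to pass.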
Vidar is an info stealer used by cybercrime groups to steal passwords, credit card data and information on cryptocurrency wallets. In the past it has been delivered by the Fallout exploit kit and through phishing campaigns.