Infostealers

An infostealer, or information stealer, is malicious software that aims to gather information, such as usernames and passwords, from a system. Infostealers are often sold on hacking forums for prices ranging from a few dollars to hundreds of dollars, either for permanent use or on a subscription basis. While bot markets use multiple kinds of infostealers, our research focuses on the top five: Vidar, Redline, Raccoon, AZORult, and Taurus.

Vidar

Vidar is a widely used malware that has been active since October 2018. It is sold through Telegram and underground forums for as little as $150 [5]. Besides attempting to steal passwords, cookies, and browsing history from infected machines, Vidar also looks for credit card details, cryptocurrency wallets, file-transfer application data, email application data, and more. Once Vidar has finished collecting this information, it wipes all evidence of its presence from the victim's machine. In addition to stealing information, Vidar can also act as a downloader, infecting the system with additional malware.

Redline

Redline is sold on underground forums either as a permanent version or on a subscription basis. This malware can upload and download files, execute commands, and periodically send back information about the infected computer [6]. Redline was first sold on underground forums in February 2020 [7].

Sources cited in footnotes 5 to 7 on this page (listed in the order they appear):
https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
https://www.bleepingcomputer.com/news/security/vidar-stealer-abuses-mastodon-to-silently-get-c2-configuration/
https://asec.ahnlab.com/en/26584/
The Rise of Dark Web Botnet Marketplaces