{"id":1761,"date":"2023-09-27T11:50:11","date_gmt":"2023-09-27T11:50:11","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=1761"},"modified":"2023-09-27T11:50:13","modified_gmt":"2023-09-27T11:50:13","slug":"redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\/","title":{"rendered":"Redline &#038; Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In a recent revelation, threat actors affiliated with the RedLine and Vidar information-stealing campaigns have exhibited a concerning shift towards ransomware dissemination, using phishing strategies that spread initial payloads signed with <a href=\"https:\/\/certera.com\/code-signing\/ev-code-signing\">Extended Validation (EV) Code Signing certificates<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In lay terms, these threat actors <strong>use the same methods to deliver ransomware as they do to distribute the info-stealers<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During the timeframe spanning July to August 2023, <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/i\/redline-vidar-first-abuses-ev-certificates.html\">more than <strong>30<\/strong> samples surfaced<\/a>, all carrying a common thread: they were signed with EV code signing certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These samples were linked to a specific type of info-stealing malware known as <strong>TrojanSpy.Win32.VIDAR.SMA<\/strong>. What made the situation more complicated was that &#8220;each of these samples had unique characteristics, deliberately crafted to evade detection.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This diversity made it exceptionally challenging to identify and combat these threats effectively. 
In the context of the RedLine and Vidar campaigns, researchers also suspect that whoever signed these samples with the EV certificate either owns the physical security token or has access to the computer to which the security token is connected.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a cyber incident investigated by a leading cybersecurity firm, an unnamed victim fell prey to this two-stage attack. The victim initially received info-stealing malware payloads signed with an EV Code Signing certificate from multiple campaigns starting around July 10. Subsequently, on August 9, they were hit with ransomware delivered by the same technique that was used previously. The ransomware was deployed after the victim downloaded and opened a fake TripAdvisor-Complaint.pdf.htm attachment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After opening the attachment and selecting &#8220;<strong>Read Complaint<\/strong>,&#8221; the victim unwittingly executes several JavaScript files (jquery.min.js, moment.min.js, client.min.js, module.tripadvisor.js, etc.) from the website samuelelena[.]co.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a result, the victim downloads and executes the file TripAdvisor Complaint-Possible Suspension.exe. An alternative version of the malware instead downloads an Excel XLL file (an add-in built with Excel-DNA, which integrates .NET into Microsoft Excel; here it executes the malware when the file is opened) when the &#8220;Read Complaint&#8221; button is selected.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The file TripAdvisor Complaint-Possible Suspension.exe connects to URLs such as doi[.]org (which governs the Digital Object Identifier system) and i.ibb[.]co\/Gp95Qcw\/2286401330.png (an image hosting site). The contents of the 2286401330.png file are read and transformed into encrypted shellcode, which is then saved in a file path such as <strong>C:\\Users\\&lt;username&gt;\\AppData\\Roaming\\KYMRCRHEVFUJGZHWNKKD\\YUUUBCFJVYCNCBMABZLBL<\/strong>. 
This shellcode is then decrypted to generate a second shellcode, which is saved in a file path such as <strong>C:\\Users\\&lt;username&gt;\\AppData\\Local\\Temp\\70685a9e<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The malware then spawns <strong>cmd.exe<\/strong> and injects the second decrypted shellcode (70685a9e) into it. Following this, cmd.exe drops a legitimate standalone console application called rgb9rast.exe in %temp% and launches it. Eventually, the ransomware payload identified as <strong>Ransom.Win64.CYCLOPS.A<\/strong> is injected into <strong>rgb9rast.exe<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To carry out such a hybrid (two-stage) attack, RedLine and Vidar operators utilize sly tactics that prey on human psychology and exploit common user behaviors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One such tactic is &#8220;Spear Phishing Emails,&#8221; crafted to urge immediate action, often related to health or finances. They also employ &#8220;Double Extension&#8221; files, disguising malicious EXE files as harmless PDFs or JPEGs. Additionally, they use &#8220;LNK files&#8221; to execute their malicious payloads while evading detection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To protect yourself from such attacks, refrain from downloading files, programs, software, etc., from unverified sources or websites, install a multilayered protection system for your individual and enterprise systems, use strong passwords, keep software updated, install antivirus, and regularly back up your data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a recent revelation, threat actors affiliated with the RedLine and Vidar information-stealing campaigns have exhibited a concerning shift towards ransomware dissemination, using phishing strategies that spread initial payloads signed with Extended Validation (EV) Code Signing certificates. 
In lay terms, these threat actors use the same methods to deliver ransomware as they do to<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":1773,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[298,300,299,297],"class_list":["post-1761","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attack","tag-abused-ev-code-signing-certificates","tag-ev-code-signing-certificate-abuse","tag-redline-and-vidar-distribute-ransomware","tag-redline-vidar-abuses-ev-certificates","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Redline\/Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware<\/title>\n<meta name=\"description\" content=\"Cybercriminals behind RedLine and Vidar info stealers have shifted tactics, employing Extended Validation (EV) certificates to propagate ransomware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Redline\/Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware\" \/>\n<meta property=\"og:description\" content=\"Cybercriminals behind RedLine and Vidar info stealers have shifted tactics, employing Extended Validation (EV) certificates to propagate ransomware.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/certera.com\/blog\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-27T11:50:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-27T11:50:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/09\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/09\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Redline &#038; Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware\",\"datePublished\":\"2023-09-27T11:50:11+00:00\",\"dateModified\":\"2023-09-27T11:50:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/\"},\"wordCount\":601,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\",\"keywords\":[\"abused EV code signing certificates\",\"EV Code Signing Certificate Abuse\",\"RedLine and Vidar distribute ransomware\",\"RedLine\\\/Vidar Abuses EV Certificates\"],\"articleSection\":[\"Cyber 
Attack\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#respond\"]}],\"copyrightYear\":\"2023\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/\",\"name\":\"Redline\\\/Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\",\"datePublished\":\"2023-09-27T11:50:11+00:00\",\"dateModified\":\"2023-09-27T11:50:13+00:00\",\"description\":\"Cybercriminals behind RedLine and Vidar info stealers have shifted tactics, employing Extended Validation (EV) certificates to propagate 
ransomware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/redline-vidar-cyber-threats-adopts-ev-certificates-jpg.webp\",\"width\":960,\"height\":620,\"caption\":\"Redline Vidar Cyber Threat Abuse EV SSL\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/redline-vidar-cyber-threats-adopts-ev-certificates-targets-ransomware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Redline &#038; Vidar Cyber Threats Adopts EV Certificates, Targets Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki 
Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/1761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=1761"}],"version-history":[{"count":3,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/1761\/revisions"}],"predecessor-version":[{"id":1774,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/1761\/revisions\/1774"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/1773"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=1761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=1761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=1761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}