Researchers Discover How Colibri Malware Remains Persistent in Hacked Systems
Researchers have described a \”simple, but efficient\” persistence method adopted by Colibri – a relatively new malware loader. Vidar is a Windows data stealer that was observed being deployed as part of the latest campaign.
In an analysis, Malwarebytes Labs stated that the attack begins with a malicious Word file that deploys a Colibri Bot which then delivers Vidar Stealer. The document contacts (securetunnel[. The document contacts a remote server at (securetunnel[.
Colibri was first documented by FR3D.HK, an Indian cybersecurity firm CloudSEK and FR3D.HK earlier this year. It is a Malware-as a Service (MaaS), a platform designed to deliver additional payloads on compromised systems. The first signs of the loader were seen on Russian underground forums as early as August 2021.