Analysis of a large resilient infrastructure distributing Raccoon and Vidar stealers

SEKOIA.IO analysts unveiled a large and resilient infrastructure used to distribute the Raccoon and Vidar stealers, likely in operation since early 2020. The associated infection chain, which leverages this infrastructure of over 250 domains, uses about a hundred fake cracked-software catalogue websites that redirect the visitor through several links before the payload is downloaded from file-sharing platforms such as GitHub. We published a FLINT that presents the current infection chain, the distributed payloads and the whole infrastructure tracked by SEKOIA.IO.

![changelog_flint_2023_001.png](BASE/products/901462981/changelog/15298/inline-d9dd7025c7e2f4f9c8d80802d6b0b064.jpg)

Related resources:

* [FLINT 2023-001 - Unveiling of a large resilient infrastructure distributing infostealers](https://app.sekoia.io/intelligence/objects/report--c3251d61-e7e6-4bba-9fbb-b61032ed919b)
* [Infrastructure page in the Intelligence Center](https://app.sekoia.io/intelligence/objects/infrastructure--1deb228c-6a3e-4dc9-b4da-e42f014548c7)