Vidar

Malware updated a day ago (2024-11-20T18:02:13.940Z)
Download STIX
Preview STIX
Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malware operates by stealing data from infected systems; however, in certain cases, it uses the ACR Stealer as an exfiltration module instead of directly stealing data. Interestingly, Vidar downloads the ACR stealer, which can be extracted using the IDAT loader extractor. The distribution methods of Vidar have evolved over time, transitioning from traditional spam campaigns and cracked software to more sophisticated techniques like malicious Google Search ads. In some instances, the actors behind Vidar spread it by posting comments on YouTube that contain links to a ZIP or RAR archive hosted on a file-sharing platform. These platforms change on a weekly basis, making it difficult for law enforcement to disrupt operations. Despite these efforts, Vidar and other similar malwares like Lumma, RedLine, and others have proven resilient, continually adapting and adopting new techniques to survive. Vidar is sold through a malware-as-a-service model via ads and forums on the dark web and Telegram groups. One of the recent campaigns involved malicious ads containing links to executable files serving Rilide, Vidar, IceRAT, and Nova Stealers. Users interacting with these ads could unknowingly download and deploy harmful files onto their devices. The purpose of some associated files, such as "install.cmd" and XLSX files containing Facebook account names and specific monetary information, remains unclear. To impersonate legitimate services and deceive users, Vidar's installer shows a splash screen impersonating Midjourney.
Description last updated: 2024-11-15T16:02:11.621Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Arkei Stealer is a possible alias for Vidar. The Arkei Stealer is a type of malware, specifically designed to infiltrate and exploit computer systems. This malicious software, written in C++, first emerged in May 2018 and has since been forked or rebranded several times. The malware can infect a system through various means such as suspicious
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Ransomware
Youtube
Exploit
Payload
Maas
Phishing
Cobalt Strike
Loader
Malware Loader
Telegram
Cybercrime
Scams
Credentials
Dropper
Android
Github
1password
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Redline Malware is associated with Vidar. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actorUnspecified
12
The Raccoon Malware is associated with Vidar. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $Unspecified
7
The Mars Malware is associated with Vidar. Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Andis related to
3
The Batloader Malware is associated with Vidar. Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personalUnspecified
3
The Redline Stealer Malware is associated with Vidar. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects sUnspecified
3
The Risepro Malware is associated with Vidar. RisePro is a type of malware, specifically an info-stealer, designed to infiltrate and damage computer systems. It operates by exploiting vulnerabilities in a device, often through suspicious downloads, emails, or websites, typically without the user's knowledge. Once inside, RisePro can disrupt opeUnspecified
3
The Lummac2 Malware is associated with Vidar. LummaC2 is a malicious software (malware) that was initially identified in Russian-speaking forums in 2022. The malware, written in C and distributed as Malware-as-a-Service (MaaS), has been actively developed over time, with researchers noting that LummaC2 4.0 operates as a dynamic malware strain. Unspecified
3
The Privateloader Malware is associated with Vidar. PrivateLoader is a notable malware that has been active since at least December 19, 2022. It acts as the first step in many malware schemes, often initiating an infection chain that leads to other malicious software. The malware can infiltrate systems through suspicious downloads, emails, or websiteUnspecified
3
The Minodo Malware is associated with Vidar. Minodo is a type of malware, a harmful program designed to exploit and damage computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hUnspecified
2
The Royal Ransomware Malware is associated with Vidar. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could steaUnspecified
2
The Lumma Stealer Malware is associated with Vidar. Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was diUnspecified
2
The Netsupport Malware is associated with Vidar. NetSupport is a legitimate remote access software that has been repurposed as malware by various cybercriminal groups. It has been observed in several high-profile cyber-attacks, including the Royal ransomware attack and operations conducted by former ITG23 members. The malware can infiltrate systemUnspecified
2
The Systembc Malware is associated with Vidar. SystemBC is a type of malware, or malicious software, known for its disruptive and exploitative nature. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal personal information, interrupt operations, or hold data hostage fUnspecified
2
The Stealc Malware is associated with Vidar. StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing Unspecified
2
The Diceloader Malware is associated with Vidar. Diceloader is a type of malware, short for malicious software, that is designed to infiltrate and damage computer systems. It can infect systems through various means such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, it can steal personal inUnspecified
2
The Raccoon Stealer Malware is associated with Vidar. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hackiUnspecified
2
The Amos Malware is associated with Vidar. AMOS is a malicious software (malware) specifically designed to target macOS systems. First identified in early 2023, it has been associated with campaigns such as the ClearFake campaign, which spread the AMOS information stealer across macOS devices. This malware is particularly dangerous due to itis related to
2
The Atomic Macos Stealer Amos Malware is associated with Vidar. In April 2023, Cyble Research and Intelligence Labs (CRIL) discovered a new malware named Atomic macOS Stealer (AMOS) being advertised for sale on a Telegram channel. The malware was found to be part of a larger operation involving several other variants such as Vidar, Lumma, and Octo. These threat Unspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Gandcrab Threat Actor is associated with Vidar. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REvUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The vulnerability Atomic Macos Stealer (Amos is associated with Vidar. Unspecified
2
Source Document References
Information about the Vidar Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
6 days ago
Securelist
a month ago
Bitdefender
a month ago
ESET
4 months ago
Unit42
4 months ago
Fortinet
4 months ago
Recorded Future
4 months ago
ESET
5 months ago
ESET
5 months ago
DARKReading
5 months ago
DARKReading
5 months ago
Securityaffairs
6 months ago
Recorded Future
6 months ago
InfoSecurity-magazine
6 months ago
CERT-EU
2 years ago
Flashpoint
10 months ago
InfoSecurity-magazine
7 months ago
Bitdefender
8 months ago
CERT-EU
8 months ago
CERT-EU
9 months ago