Vidar Stealer
Was ist Vidar Stealer?
Vidar StealerA long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.
Vidar Stealer is a Windows information stealer first seen in late 2018, originally forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 despite the rise and fall of competitors. Vidar collects browser-stored credentials, cookies, autofill, and credit-card data from Chromium and Gecko browsers; crypto-wallet keystores and browser-extension data; Discord, Telegram, Steam and FTP sessions; arbitrary files matching operator-defined patterns; screenshots; and host fingerprinting. The C2 infrastructure is notable for hosting configuration on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios) so that a quick takedown of one C2 IP does not break the malware — a 'dead-drop resolver' pattern Vidar helped popularize. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages, and YouTube SEO bait. Forks such as Mars Stealer and Aurora Stealer share much of Vidar's codebase.
● Beispiele
- 01
A Vidar sample fetches its current C2 IP by parsing a Steam profile description, then exfiltrates browser logs to that endpoint over plain HTTP.
- 02
A YouTube tutorial linking to a 'crack' installer drops Vidar via a SmartLoader stage, which in turn loads Lumma as a follow-on payload.
● Häufige Fragen
Was ist Vidar Stealer?
A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures. Es gehört zur Kategorie Schadsoftware der Cybersicherheit.
Was bedeutet Vidar Stealer?
A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.
Wie funktioniert Vidar Stealer?
Vidar Stealer is a Windows information stealer first seen in late 2018, originally forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 despite the rise and fall of competitors. Vidar collects browser-stored credentials, cookies, autofill, and credit-card data from Chromium and Gecko browsers; crypto-wallet keystores and browser-extension data; Discord, Telegram, Steam and FTP sessions; arbitrary files matching operator-defined patterns; screenshots; and host fingerprinting. The C2 infrastructure is notable for hosting configuration on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios) so that a quick takedown of one C2 IP does not break the malware — a 'dead-drop resolver' pattern Vidar helped popularize. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages, and YouTube SEO bait. Forks such as Mars Stealer and Aurora Stealer share much of Vidar's codebase.
Wie schützt man sich gegen Vidar Stealer?
Schutzmaßnahmen gegen Vidar Stealer kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für Vidar Stealer?
Übliche alternative Bezeichnungen: Vidar.
● Verwandte Begriffe
- malware№ 591
Info-Stealer
Schadsoftware, die Zugangsdaten, Cookies, Tokens, Krypto-Wallets und andere sensible Daten von einem infizierten Gerät erbeutet und an den Angreifer überträgt.
- malware№ 254
Credential-Stealer
Schadsoftware, die gezielt Passwörter, Hashes und Authentifizierungstoken aus einem infizierten System oder dessen Speicher extrahiert.
- malware№ 708
Lumma Stealer
A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites.
- malware№ 1014
RedLine Stealer
A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.
- malware№ 998
Raccoon Stealer
A long-running malware-as-a-service info-stealer first seen in 2019; its operator was arrested in 2022 and the project was restarted as Raccoon v2, then progressively eclipsed by Lumma and RedLine.
- attacks№ 720
Malvertising
Missbrauch von Online-Werbenetzwerken, um Schadsoftware, Exploits oder Betrug über scheinbar legitime Anzeigen auf vertrauenswürdigen Websites zu verbreiten.