Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1329

Vidar Stealer

What is Vidar Stealer?

Vidar Stealer: a long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.


Vidar Stealer is a Windows information stealer first seen in late 2018, originally forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 despite the rise and fall of competitors. Vidar collects browser-stored credentials, cookies, autofill, and credit-card data from Chromium and Gecko browsers; crypto-wallet keystores and browser-extension data; Discord, Telegram, Steam and FTP sessions; arbitrary files matching operator-defined patterns; screenshots; and host fingerprinting. The C2 infrastructure is notable for hosting configuration on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios) so that a quick takedown of one C2 IP does not break the malware — a 'dead-drop resolver' pattern Vidar helped popularize. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages, and YouTube SEO bait. Forks such as Mars Stealer and Aurora Stealer share much of Vidar's codebase.

Examples

  1. A Vidar sample fetches its current C2 IP by parsing a Steam profile description, then exfiltrates browser logs to that endpoint over plain HTTP.

  2. A YouTube tutorial linking to a 'crack' installer drops Vidar via a SmartLoader stage, which in turn loads Lumma as a follow-on payload.
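The first example above is the 'dead-drop resolver' sequence in network terms: a profile-page fetch on a legitimate platform, then a POST to a bare IP over plain HTTP. The following is an added detection example, not code from the glossary or from any Vidar analysis; it correlates those two events per client over a constructed proxy-log format, and the platform hostnames, path patterns and 60-second window are assumptions you would tune to your own telemetry.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse
# Dead-drop platforms named in the entry; hostnames and path patterns are assumptions
DEAD_DROP_HOSTS = {
    "steamcommunity.com": re.compile(r"^/profiles/\d+"),    # Steam profile page
    "t.me": re.compile(r"^/[A-Za-z0-9_]+/?$"),              # Telegram channel
    "mastodon.social": re.compile(r"^/@[A-Za-z0-9_]+/?$"),  # Mastodon profile bio
}
BARE_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
WINDOW = timedelta(seconds=60)  # assumed max gap between resolver fetch and first beacon
# Constructed proxy-log format: "<ISO timestamp> <client IP> <METHOD> <URL> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")

def parse_line(line):
    """Parse one proxy-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, url, _status = m.groups()
    u = urlparse(url)
    return {"ts": datetime.fromisoformat(ts), "src": src, "method": method,
            "scheme": u.scheme, "host": u.hostname, "path": u.path}

def is_dead_drop_fetch(ev):
    """GET of a profile page on a platform used as a dead-drop resolver."""
    pat = DEAD_DROP_HOSTS.get(ev["host"])
    return ev["method"] == "GET" and pat is not None and bool(pat.match(ev["path"]))
def is_bare_ip_post(ev):
    """POST over plain HTTP straight to an IPv4 literal (no hostname involved)."""
    return (ev["method"] == "POST" and ev["scheme"] == "http"
            and ev["host"] is not None and BARE_IPV4.match(ev["host"]) is not None)
def find_dead_drop_sequences(lines, window=WINDOW):
    """Return (client, dead_drop_host, c2_ip) for each bare-IP POST within `window` of a fetch."""
    last_fetch, hits = {}, []
    for ev in filter(None, map(parse_line, lines)):
        if is_dead_drop_fetch(ev):
            last_fetch[ev["src"]] = ev          # remember the latest resolver fetch per client
        elif is_bare_ip_post(ev):
            prev = last_fetch.get(ev["src"])
            if prev is not None and ev["ts"] - prev["ts"] <= window:
                hits.append((ev["src"], prev["host"], ev["host"]))
    return hits

# Constructed sample log: only 10.0.0.5 shows the full fetch-then-POST sequence
SAMPLE_LOG = [
    "2024-05-01T10:00:00 10.0.0.5 GET https://steamcommunity.com/profiles/76561198000000001 200",
    "2024-05-01T10:00:03 10.0.0.5 POST http://203.0.113.10/ 200",
    "2024-05-01T10:05:00 10.0.0.7 GET https://steamcommunity.com/profiles/76561198000000002 200",
    "2024-05-01T10:15:00 10.0.0.7 POST http://203.0.113.11/ 200",        # outside the window
    "2024-05-01T10:20:00 10.0.0.9 POST http://203.0.113.12/upload 200",  # no prior fetch
]
```

A single profile fetch is normal browsing, so alert only on the pair; the POST destination then becomes the candidate C2 to block and pivot on.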

Frequently asked questions

What is Vidar Stealer?

A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures. It belongs to the Malware category in cybersecurity.

What does Vidar Stealer mean?

A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.

How does Vidar Stealer work?

Vidar Stealer is a Windows information stealer first seen in late 2018, originally forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 despite the rise and fall of competitors. Vidar collects browser-stored credentials, cookies, autofill, and credit-card data from Chromium and Gecko browsers; crypto-wallet keystores and browser-extension data; Discord, Telegram, Steam and FTP sessions; arbitrary files matching operator-defined patterns; screenshots; and host fingerprinting. The C2 infrastructure is notable for hosting configuration on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios) so that a quick takedown of one C2 IP does not break the malware — a 'dead-drop resolver' pattern Vidar helped popularize. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages, and YouTube SEO bait. Forks such as Mars Stealer and Aurora Stealer share much of Vidar's codebase.

How to defend against Vidar Stealer?

Defenses against Vidar Stealer typically combine technical controls and operational practices, as detailed in the definition.

What are other names for Vidar Stealer?

Common alternative names: Vidar.

Related terms