Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1329

Vidar Stealer

What is Vidar Stealer?

A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.


Vidar Stealer is a Windows information stealer first seen in late 2018, originally forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 despite the rise and fall of competitors. Vidar collects browser-stored credentials, cookies, autofill, and credit-card data from Chromium- and Gecko-based browsers; crypto-wallet keystores and browser-extension data; Discord, Telegram, Steam and FTP sessions; arbitrary files matching operator-defined patterns; screenshots; and host fingerprinting. The C2 infrastructure is notable for hosting configuration on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios): the sample fetches a public profile page, parses the current C2 address out of it, and only then talks to the C2, so a quick takedown of one C2 IP does not break the malware as long as the operator can edit the profile. This 'dead-drop resolver' pattern is one Vidar helped popularize, and it is also the most reliable network signal for defenders, since a fresh fetch of a Steam, Telegram or Mastodon profile followed within seconds by HTTP POSTs to a bare IP address is not something legitimate software does. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages, and YouTube SEO bait. Forks such as Mars Stealer share much of Vidar's Arkei-derived codebase.

  1. A Vidar sample fetches its current C2 IP by parsing a Steam profile description, then exfiltrates browser logs to that endpoint over plain HTTP.

  2. A YouTube tutorial linking to a 'crack' installer drops Vidar via a SmartLoader stage, which in turn loads Lumma as a follow-on payload.
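The dead-drop-resolver-then-exfiltration sequence described in the entry and in example 1 is something a defender can look for in proxy logs. The following is an added example written for this entry, not code from Vidar or from the glossary. It does two things: `extract_c2_from_profile()` shows the resolver step in its simplest form (pull the first URL or bare IPv4 out of a profile description; the real malware's marker format is not reproduced here), and `find_sequences()` flags any host that fetches a profile page on one of the named platforms and then, within a short window, POSTs over plain HTTP to a bare IP. The log format (timestamp, source IP, method, URL), the hostname list, the 120-second window and the sample log lines are all constructed assumptions for the example.

```python
"""Detect a dead-drop resolve followed by plain-HTTP exfil to a bare IP.

Added example for the Vidar Stealer glossary entry; not Vidar's own code.
Log format, host list, window and sample lines are constructed assumptions.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Platforms the entry names as Vidar dead-drop hosts (assumed hostnames).
DEAD_DROP_HOSTS = {"steamcommunity.com", "t.me", "telegram.me", "mastodon.social"}

# Bare dotted-quad hostname, e.g. "203.0.113.7".
BARE_IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

# First http(s) URL or IPv4 (optionally with :port) inside a profile bio.
C2_IN_TEXT = re.compile(r"https?://\S+|(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?")

# How soon after the profile fetch the exfil POST must start to correlate.
WINDOW = timedelta(seconds=120)


def extract_c2_from_profile(profile_text):
    """Resolver step: return the first URL/IP found in a profile description."""
    m = C2_IN_TEXT.search(profile_text)
    return m.group(0) if m else None


def parse_line(line):
    """Constructed proxy-log line: '<ISO timestamp> <src_ip> <METHOD> <url>'."""
    ts, src, method, url = line.split(" ", 3)
    return datetime.fromisoformat(ts), src, method, url


def _host(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_dead_drop_fetch(method, url):
    return method == "GET" and _host(url) in DEAD_DROP_HOSTS


def is_bare_ip_http_post(method, url):
    parts = urlsplit(url)
    return (method == "POST" and parts.scheme == "http"
            and BARE_IPV4.match(parts.hostname or "") is not None)


def find_sequences(lines, window=WINDOW):
    """Return one hit per bare-IP HTTP POST that follows a dead-drop fetch
    from the same source within `window`."""
    last_drop = {}  # src_ip -> (timestamp, profile url)
    hits = []
    for line in lines:
        ts, src, method, url = parse_line(line)
        if is_dead_drop_fetch(method, url):
            last_drop[src] = (ts, url)
        elif is_bare_ip_http_post(method, url) and src in last_drop:
            drop_ts, drop_url = last_drop[src]
            lag = ts - drop_ts
            if timedelta(0) <= lag <= window:
                hits.append({"src": src, "dead_drop": drop_url, "c2": url,
                             "lag_s": int(lag.total_seconds())})
    return hits


# Constructed sample log: one infected host, one benign Steam user, one
# unrelated POST. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
LOGS = [
    "2025-03-04T10:15:01 10.0.0.21 GET https://steamcommunity.com/profiles/76561198000000000",
    "2025-03-04T10:15:03 10.0.0.21 POST http://203.0.113.7/",
    "2025-03-04T10:15:05 10.0.0.21 POST http://203.0.113.7/1234",
    "2025-03-04T10:20:00 10.0.0.35 GET https://steamcommunity.com/id/someone",
    "2025-03-04T10:40:00 10.0.0.35 POST http://203.0.113.9/",
    "2025-03-04T11:00:00 10.0.0.50 POST http://198.51.100.4/upload",
]

if __name__ == "__main__":
    for hit in find_sequences(LOGS):
        print(hit)
```

Only the first host is reported: its two POSTs start 2 and 4 seconds after the profile fetch. The second host's POST comes 20 minutes later and falls outside the window, and the third host never touched a dead-drop platform. In production the window and host list need tuning, and the POST leg should be matched on the resolved address rather than the hostname when the proxy logs CONNECT tunnels.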

Frequently asked questions

What is Vidar Stealer?

A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures. It belongs to the Malware category of cybersecurity.

How does Vidar Stealer work?

Once executed on a Windows host, Vidar fingerprints the machine, retrieves its current C2 address from a dead-drop on a legitimate platform (a Telegram channel, a Steam profile description or a Mastodon profile bio), then collects browser-stored credentials, cookies, autofill and card data, crypto-wallet keystores and extension data, Discord, Telegram, Steam and FTP sessions, screenshots and any files matching operator-defined patterns, and exfiltrates the bundle to that C2. Because the C2 address lives in an editable profile rather than in the binary, operators can rotate infrastructure without re-deploying the malware.

How do you defend against Vidar Stealer?

Defending against Vidar Stealer combines technical controls with operational practice, and the useful ones follow from the description above. On the delivery side: block installation of cracked software and unsigned fake installers, filter malvertising, and train users to recognise ClickFix fake-CAPTCHA pages that ask them to paste a command into the Run dialog. On the detection side: alert on processes reading browser credential stores and wallet directories, and on a host fetching a Steam, Telegram or Mastodon profile page and then posting over plain HTTP to a bare IP address shortly afterwards. On the response side: treat every credential, cookie and session token on an infected host as stolen and rotate them.

What are other names for Vidar Stealer?

Common alias: Vidar.

Related terms