Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1329

Vidar Stealer

What is Vidar Stealer?

A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.


Vidar Stealer is a Windows information stealer first seen in late 2018, forked from the older Arkei family by a Russian-speaking actor. It remained one of the steadiest commodity stealers through 2024 while competitors rose and fell. Vidar collects browser-stored credentials, cookies, autofill and payment-card data from Chromium- and Gecko-based browsers; cryptocurrency-wallet keystores and wallet browser-extension data; Discord, Telegram, Steam and FTP-client sessions; arbitrary files matching operator-defined path and extension patterns; screenshots; and a host fingerprint. Its C2 design is notable for publishing the current C2 address in profile fields on legitimate platforms (Telegram channels, Steam profile descriptions, Mastodon profile bios): the sample reads the live address at run time, so taking down one C2 IP does not break malware that is already deployed. This 'dead-drop resolver' pattern is one Vidar helped popularize. Distribution vectors include cracked software, fake installers, Google Ads malvertising, ClickFix fake-CAPTCHA pages and YouTube SEO bait. Mars Stealer is a direct fork of the Arkei/Vidar codebase; Aurora Stealer is frequently grouped with Vidar as a related commodity stealer.

Examples

  1. A Vidar sample fetches its current C2 address by parsing a Steam profile description, then zips the harvested browser data and POSTs it to that address over plain HTTP.

  2. A YouTube tutorial linking to a 'crack' installer drops Vidar via a SmartLoader stage, which in turn loads Lumma as a follow-on payload.
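The dead-drop resolver behaviour in the definition and in example 1 leaves a network footprint a defender can hunt for: a workstation fetches a profile page on one of the abused platforms and, shortly afterwards, POSTs over plain HTTP to a URL whose host is a bare IP address. The script below is an added example written for this entry; it is not Vidar's code, nor any vendor's detection. The proxy-log format, the `DEAD_DROP_HOSTS` list, the 120-second window, the workstation names and the RFC 5737 addresses are all assumptions constructed for the demo, and Mastodon is deliberately absent from the host list because it has no single domain.

```python
"""Hunt for the dead-drop-resolver + plain-HTTP exfil pattern in web-proxy logs.

Added example (not Vidar's or any vendor's code). Heuristic: a workstation
GETs a profile page on a platform abused as a dead-drop resolver, then within
WINDOW POSTs over http:// to a host that is a literal IP. Log format, host
names, window and addresses are constructed for the demo.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlparse

# Platforms the entry names as dead-drop hosts. Mastodon has no single domain,
# so add your own instance list here (assumption: tune per estate).
DEAD_DROP_HOSTS = {"steamcommunity.com", "t.me", "telegram.me"}
WINDOW = timedelta(seconds=120)   # resolver fetch -> first exfil POST (assumed)

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) method=(?P<method>[A-Z]+) "
    r"url=(?P<url>\S+) status=(?P<status>\d+)$"
)
IP_PORT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")


def parse_line(line):
    """Parse one constructed proxy-log line; None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec


def is_plain_http_to_bare_ip(url):
    """True for http:// URLs whose host is a literal IP (no DNS name, no TLS)."""
    p = urlparse(url)
    if p.scheme != "http":
        return False
    try:
        ip_address(p.hostname or "")
    except ValueError:
        return False
    return True


def extract_candidate_c2(profile_text):
    """Pull valid IP[:port] tokens out of a profile description, the way a
    resolver would, so you can check what a suspect profile currently points at."""
    out = []
    for ip, port in IP_PORT_RE.findall(profile_text):
        try:
            ip_address(ip)
        except ValueError:
            continue          # e.g. 999.1.1.1 matches the regex but is not an IP
        out.append(f"{ip}:{port}" if port else ip)
    return out


def find_dead_drop_exfil(lines):
    """One finding per (workstation, POST) where a dead-drop page fetch was
    followed within WINDOW by a POST to a bare-IP http:// URL."""
    records = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    last_resolver = {}    # workstation -> (timestamp, resolver URL)
    findings = []
    for rec in records:
        dest = (urlparse(rec["url"]).hostname or "").lower()
        if rec["method"] == "GET" and dest in DEAD_DROP_HOSTS:
            last_resolver[rec["host"]] = (rec["ts"], rec["url"])
        elif rec["method"] == "POST" and is_plain_http_to_bare_ip(rec["url"]):
            seen = last_resolver.get(rec["host"])
            if seen and rec["ts"] - seen[0] <= WINDOW:
                gap = int((rec["ts"] - seen[0]).total_seconds())
                findings.append({"host": rec["host"], "resolver": seen[1],
                                 "c2": rec["url"], "gap_s": gap})
    return findings


# Constructed sample log: RFC 5737 addresses, placeholder profile/channel names.
SAMPLE_LOG = [
    "2025-03-04T10:15:02Z host=WS-17 method=GET url=https://steamcommunity.com/profiles/EXAMPLEID status=200",
    "2025-03-04T10:15:09Z host=WS-17 method=POST url=http://203.0.113.10/ status=200",
    "2025-03-04T10:20:00Z host=WS-22 method=GET url=https://steamcommunity.com/profiles/EXAMPLEID status=200",
    "2025-03-04T10:20:05Z host=WS-22 method=POST url=https://api.example.com/upload status=200",  # TLS to a name: benign
    "2025-03-04T10:30:00Z host=WS-23 method=GET url=https://t.me/examplechannel status=200",
    "2025-03-04T10:40:00Z host=WS-23 method=POST url=http://198.51.100.7:8080/ status=200",  # outside WINDOW: not flagged
]

if __name__ == "__main__":
    for f in find_dead_drop_exfil(SAMPLE_LOG):
        print(f"{f['host']}: fetched {f['resolver']} then POSTed to {f['c2']} after {f['gap_s']}s")
```

Only WS-17 is flagged: WS-22 posts over TLS to a DNS name and WS-23's POST falls outside the window. The heuristic is intentionally narrow; a stealer that resolves its C2 from a Mastodon instance not in the list, or that delays exfiltration past the window, slips through, so treat it as one signal to correlate with endpoint telemetry rather than a blocking rule.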

Frequently asked questions

What is Vidar Stealer, and how does it work?

See the definition above. The glossary files Vidar Stealer under the Malware category.

How do you defend against Vidar Stealer?

Defence follows the distribution and collection behaviour described above. Block the delivery paths: restrict execution of unsigned installers and cracked software, and train users that no legitimate CAPTCHA or fix asks them to paste a command into the Run dialog or a terminal (the ClickFix lure). Limit what a stealer can take: prefer MFA and passkeys over browser-saved passwords, keep wallet keys out of browser storage, and treat every browser-saved credential and session cookie on an infected host as compromised, rotating passwords and revoking sessions rather than only removing the binary. On the network, alert on a workstation fetching a Steam, Telegram or Mastodon profile page and then POSTing over plain HTTP to a bare IP address, the dead-drop resolver pattern, and restrict egress to raw IP addresses where the business allows it.

What other names does Vidar Stealer go by?

Common alternative name: Vidar.
