Tracking the Stealthy Movements of Vidar Info-Stealer Malware



Threat Level
Attack Report


Summary

Vidar is an info-stealer malware that was first spotted in the wild in late 2018 and is considered a distinct fork of the Arkei malware family. It is sold on a simple subscription model: customers pay between $130 and $750, with the option to customise which categories of information the build targets. The malware is designed to steal browser histories, cookies, saved credentials, cryptocurrency wallets, and data from two-factor authentication software. Its delivery methods have varied over time, ranging from email and phishing lures to 'poisoned' cracked software that impersonates legitimate products such as AnyDesk and Windows.