Info Stealing
Windows
Vidar is an info stealer that popped up in late 2018 and is a malware-as-a-service. It targets Windows systems, stealing data from browsers, digital wallets and other applications. Vidar can also be a downloader for other malware, including ransomware, making it even more dangerous for compromised systems.
Vidar can collect lots of information from infected machines. It gets browser data such as autofill entries, cookies, browsing history, and saved credentials. It also looks for cryptocurrency wallets to steal digital assets. Besides that, Vidar can get system information, including IP addresses and installed software details, so attackers have a full profile of the victim’s environment.
Distribution
Vidar’s distribution is through social engineering. Threat actors send phishing emails with malicious attachments or links, use drive-by downloads from compromised websites, and run deceptive ads for fake software downloads. Vidar has been seen to disguise itself as legitimate applications like Adobe Photoshop and Microsoft Teams to trick users into running it.
Evolution and Impact
Since its debut, Vidar has evolved and incorporated features from the Arkei malware family. Its versatility and effectiveness have made it popular among cybercriminals, and it’s now one of the most common info stealers in the threat landscape. The fact that it can be a downloader makes its impact even worse, allowing it to drop more malware on compromised systems.
Mitigation
Implement email filtering to detect and block phishing.
Educate users not to download software from untrusted sources.
Update and patch systems and applications regularly.
Deploy advanced endpoint protection solutions capable of detecting and responding to malware like Vidar.
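A detection heuristic for the browser and wallet data theft described above and for the endpoint-detection item in the mitigation list, added here as an example and not taken from the original page or from any vendor product: it replays constructed file-access events and flags any process outside a browser/wallet allowlist that reads credential, cookie or wallet stores. The event format, the allowlist and the sample process names are assumptions for this example.

```python
# Added example (not from the original page): flag processes that read
# browser credential/cookie stores or wallet files without being the
# browser or wallet application itself. Store paths follow the usual
# Chromium, Firefox and desktop-wallet layouts; the event shape and the
# allowlist are assumptions made for this example.
import re
from dataclasses import dataclass

# Patterns for the sensitive stores an info stealer goes after.
SENSITIVE_PATTERNS = [
    re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data|History)$", re.I),  # Chromium
    re.compile(r"\\Profiles\\[^\\]+\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I),  # Firefox
    re.compile(r"\\(Exodus|Electrum|Ethereum)\\.*wallet", re.I),  # desktop wallets
]
# Processes legitimately expected to open those stores (assumed allowlist).
ALLOWED_READERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe",
                   "exodus.exe", "electrum.exe"}

@dataclass
class FileEvent:
    process: str  # image name of the process that opened the file
    path: str     # full path of the file that was read

def is_sensitive(path: str) -> bool:
    return any(p.search(path) for p in SENSITIVE_PATTERNS)

def suspicious_reads(events):
    """Return (process, path) pairs where a non-allowlisted process read a sensitive store."""
    hits = []
    for ev in events:
        if is_sensitive(ev.path) and ev.process.lower() not in ALLOWED_READERS:
            hits.append((ev.process, ev.path))
    return hits

# Constructed sample events, not real telemetry. The "Photoshop" installer
# name mirrors the lookalike-software lure described in the text.
SAMPLE_EVENTS = [
    FileEvent("chrome.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent("Photoshop_Setup.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent("Photoshop_Setup.exe", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    FileEvent("Photoshop_Setup.exe", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    FileEvent("notepad.exe", r"C:\Users\alice\Documents\notes.txt"),
]

if __name__ == "__main__":
    for proc, path in suspicious_reads(SAMPLE_EVENTS):
        print(f"ALERT: {proc} read {path}")
```

In production the same logic would run over file-access telemetry from an EDR or Sysmon rather than a hard-coded list, and the allowlist should be keyed on signed image path, not just the image name.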