#vidar — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vidar, aggregated by home.social.
-
The Evolution of ClickFix: From Cleartext to Server Side Polymorphism
The ClickFix campaign has evolved from basic disk-based infections to sophisticated, obfuscated attacks using fake CAPTCHA pages that trick victims into executing malicious PowerShell commands. Initial variants used cleartext commands downloading batch scripts to deploy DeerStealer InfoStealer. The campaign advanced to fileless execution using XOR encryption or Base64 compression, operating entirely in memory. The most dangerous evolution involves server-side polymorphism, where attacker infrastructure dynamically generates unique obfuscated payloads for each victim, delivering Vidar InfoStealer. Active since March 2026 with surging activity through May, the campaign utilizes approximately 4,500 live domains. Both XOR and Base64 variants execute payloads in memory, download executables from attacker infrastructure, and delete traces to evade forensics.
Pulse ID: 6a0d971608b49dfc89267777
Pulse Link: https://otx.alienvault.com/pulse/6a0d971608b49dfc89267777
Pulse Author: AlienVault
Created: 2026-05-20 11:12:22Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CAPTCHA #CyberSecurity #Encryption #ICS #InfoSec #InfoStealer #OTX #OpenThreatExchange #PowerShell #RAT #Vidar #bot #AlienVault
-
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.
Pulse ID: 6a0ca3690196d40952527b96
Pulse Link: https://otx.alienvault.com/pulse/6a0ca3690196d40952527b96
Pulse Author: AlienVault
Created: 2026-05-19 17:52:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault
-
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled ransomware deployment including Rhysida by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000-$9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.
Pulse ID: 6a0ca3690196d40952527b96
Pulse Link: https://otx.alienvault.com/pulse/6a0ca3690196d40952527b96
Pulse Author: AlienVault
Created: 2026-05-19 17:52:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #Cloud #CyberSecurity #Education #Government #Healthcare #InfoSec #LummaStealer #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #Rhysida #Vidar #bot #AlienVault
-
Vidar v1.5 in Go: same family, new language, heavy sandbox checks
Pulse ID: 6a0bf42ce58cd13d0e923a48
Pulse Link: https://otx.alienvault.com/pulse/6a0bf42ce58cd13d0e923a48
Pulse Author: Tr1sa111
Created: 2026-05-19 05:25:00Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #Tr1sa111
-
Vidar v1.5 in Go: same family, new language, heavy sandbox checks
Vidar is a name most infostealer trackers know well -- an Arkei descendant that has been snatching browser credentials and crypto wallets since 2018. It usually ships as a .NET binary or a C++ PE. The v1.5 sample we pulled from Triage on May 13, 2026 is neither. It is a 7 MB Go 1.25.4 native PE with a twelve-category sandbox scoring system, dead-drop C2 via Telegram and Steam profile pages, and enough crypto primitives to make a librarian blush.
Pulse ID: 6a0b62751c0e2c5b056102a8
Pulse Link: https://otx.alienvault.com/pulse/6a0b62751c0e2c5b056102a8
Pulse Author: AlienVault
Created: 2026-05-18 19:03:16Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberSecurity #InfoSec #InfoStealer #NET #OTX #OpenThreatExchange #Steam #Telegram #Vidar #bot #AlienVault
-
Vidar Infostealer Exploits Browser Cookies to Steal User Credentials
Pulse ID: 6a09a06adc722e44b1afa4cc
Pulse Link: https://otx.alienvault.com/pulse/6a09a06adc722e44b1afa4cc
Pulse Author: cryptocti
Created: 2026-05-17 11:03:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #InfoSec #InfoStealer #OTX #OpenThreatExchange #Vidar #bot #cryptocti
-
New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials
Pulse ID: 6a0952a57e16da067219eda8
Pulse Link: https://otx.alienvault.com/pulse/6a0952a57e16da067219eda8
Pulse Author: cryptocti
Created: 2026-05-17 05:31:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #Vidar #bot #cryptocti
-
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
Pulse ID: 6a02ae6f8736a6b944d7d662
Pulse Link: https://otx.alienvault.com/pulse/6a02ae6f8736a6b944d7d662
Pulse Author: Tr1sa111
Created: 2026-05-12 04:37:03Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #Tr1sa111
-
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
A sophisticated multi-stage infection chain was identified through proactive threat hunting, beginning with the execution of MicrosoftToolkit.exe, a commonly abused hack tool. The attack employed file masquerading techniques, renaming a .dot file to .bat format to evade detection. The malware performed process discovery and attempted to terminate security-related processes before extracting payloads using extract32.exe. An AutoIt-compiled executable (Replies.scr) functioned as a loader, processing an external encrypted payload file and establishing command-and-control communication with infrastructure associated with Vidar Stealer. The malware demonstrated advanced anti-analysis capabilities, including debugger detection and instrumentation callback queries. It targeted credentials, browser data, cryptocurrency wallets, and system information. Post-execution cleanup routines deleted artifacts and terminated processes to minimize forensic evidence and evade detection, significantly complicating incident res...
Pulse ID: 6a01c2382e61b490cfa457e4
Pulse Link: https://otx.alienvault.com/pulse/6a01c2382e61b490cfa457e4
Pulse Author: AlienVault
Created: 2026-05-11 11:49:12Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #Browser #CyberSecurity #InfoSec #Malware #Microsoft #Nim #OTX #OpenThreatExchange #RAT #Vidar #bot #cryptocurrency #AlienVault
-
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
Pulse ID: 6a01c03c55b2d8cb451efc11
Pulse Link: https://otx.alienvault.com/pulse/6a01c03c55b2d8cb451efc11
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:40:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #CyberHunter_NL
-
'ClickFix' attack tricks users into hacking themselves, ACSC warns:
"Verify that you are human" prompt used to deliver Vidar Stealer malware.
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.
#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering
-
'ClickFix' attack tricks users into hacking themselves, ACSC warns:
"Verify that you are human" prompt used to deliver Vidar Stealer malware.
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.
#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering
-
'ClickFix' attack tricks users into hacking themselves, ACSC warns:
"Verify that you are human" prompt used to deliver Vidar Stealer malware.
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.
#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering
-
'ClickFix' attack tricks users into hacking themselves, ACSC warns:
"Verify that you are human" prompt used to deliver Vidar Stealer malware.
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.
#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering
-
'ClickFix' attack tricks users into hacking themselves, ACSC warns:
"Verify that you are human" prompt used to deliver Vidar Stealer malware.
The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.
#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering
-
📢⚠️ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.
Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
📢⚠️ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.
Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
📢⚠️ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.
Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
📢⚠️ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.
Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
📢⚠️ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.
Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses.
🔓 https://gbhackers.com/vidar-malware-conceals-payloads/
#malewalker #jpeg #txt #file #vidar #it #secondstagemalware #defense #itsec
-
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses.
🔓 https://gbhackers.com/vidar-malware-conceals-payloads/
#malewalker #jpeg #txt #file #vidar #it #secondstagemalware #defense #itsec
-
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses.
🔓 https://gbhackers.com/vidar-malware-conceals-payloads/
#malewalker #jpeg #txt #file #vidar #it #secondstagemalware #defense #itsec
-
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses.
🔓 https://gbhackers.com/vidar-malware-conceals-payloads/
#malewalker #jpeg #txt #file #vidar #it #secondstagemalware #defense #itsec
-
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses.
🔓 https://gbhackers.com/vidar-malware-conceals-payloads/
#malewalker #jpeg #txt #file #vidar #it #secondstagemalware #defense #itsec
-
It has been a super busy week, and I totally forgot to post photo of the #Vidar after it was finished.
Unfortunately the box for it was crushed a while ago so just a plain background for this one. This is another, like the Leo, I started a long time ago so some gate marks are more visible than others.Currently, I’m working on a HG Wing Zero which should be the next one I post. #gunpla @Gundam #ironbloodedorphans
-
The upgraded version of #Vidar infostealer is being spread via Reddit and GitHub, hidden in fake game cheats for popular titles like Fortnite and Counter-Strike, targeting young gamers.
Read: https://hackread.com/vidar-2-0-infostealer-fake-game-cheats-github-reddit/
#CyberSecurity #Gaming #Infostealer #Fortnite #CounterStrike
-
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.
https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/
-
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.
https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/
-
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.
https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/
-
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.
https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/
-
When you finally reverse the loader for that malware sample #VirusTotal flagged as "APT XYZ". and it turns out to be just a #Vidar #Stealer dropper.
4 Stages including Steganography for nothing 😕 -
Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities https://thecyberexpress.com/vidar-stealer-2-0-infostealer/ #TheCyberExpressNews #ThreatIntelligence #CredentialAttacks #LummaInfostealer #VidarInfostealer #TheCyberExpress #FirewallDaily #infostealer #cybercrime #CyberNews #Lumma #Vidar
-
Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities https://thecyberexpress.com/vidar-stealer-2-0-infostealer/ #TheCyberExpressNews #ThreatIntelligence #CredentialAttacks #LummaInfostealer #VidarInfostealer #TheCyberExpress #FirewallDaily #infostealer #cybercrime #CyberNews #Lumma #Vidar
-
Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities https://thecyberexpress.com/vidar-stealer-2-0-infostealer/ #TheCyberExpressNews #ThreatIntelligence #CredentialAttacks #LummaInfostealer #VidarInfostealer #TheCyberExpress #FirewallDaily #infostealer #cybercrime #CyberNews #Lumma #Vidar
-
Vidar Stealer 2.0 Boosts Infostealer’s Credential Theft and Evasion Capabilities https://thecyberexpress.com/vidar-stealer-2-0-infostealer/ #TheCyberExpressNews #ThreatIntelligence #CredentialAttacks #LummaInfostealer #VidarInfostealer #TheCyberExpress #FirewallDaily #infostealer #cybercrime #CyberNews #Lumma #Vidar
-
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials https://gbhackers.com/vidar-stealer-exploits/ #CyberSecurityNews #cybersecurity #Vidar
-
Vidar Infostealer Back with a Vengeance – Source: www.darkreading.com https://ciso2ciso.com/vidar-infostealer-back-with-a-vengeance-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #Vidar
-
Vidar Infostealer Back with a Vengeance – Source: www.darkreading.com https://ciso2ciso.com/vidar-infostealer-back-with-a-vengeance-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #DARKReading #Vidar
-
Miała być Chemia, a wyszedł wirus. Kolejna infekcja na Steam
Chemia, gra survivalowo-craftingowa stworzona przez studio Aether Forge Studios do niedawna dostępna jako early access na Steamie, została zainfekowana infostealerem. Według firmy zajmującej się analizą zagrożeń Prodaft, początkowy incydent miał miejsce 22 lipca, kiedy to grupa hackerska EncryptHub dodała do plików gry złośliwe oprogramowanie HijackLoader (plik CVKRUTNP.exe), które zapewnia przetrwanie infekcji...
#WBiegu #Chemia #Malware #Steam #Valve #Vidar
https://sekurak.pl/miala-byc-chemia-a-wyszedl-wirus-kolejna-infekcja-na-steam/
-
Now this looks really cool! Here is an app that encrypts SMS messages with AES256.
-
«Dabei versprechen die Täter, gecrackte Software anzubieten[...].»
— Alles Anfänger, der darauf hereinfällt :mastolol: Kennt ihr noch astalavista.box.sk :mastocheeky: (Gibt es die Seite eigentlich noch?🤔)IT-Sicherheitsforscher entdecken #Tiktok-Kampagne zur #Malware-Installation | Security https://www.heise.de/news/Social-Engineering-Kampagne-Tiktok-Videos-mit-Anleitung-zu-Malware-Installation-10398870.html #SocialMedia #SocialEngineering #Infostealer #StealC #Vidar
-
TikTok staat bekend als platform voor creatieve content maar wordt nu ook gebruikt als lokaas voor cybercriminelen.
Podcast Youtube: https://youtu.be/cPADO5G5kJ0?si=7n-L01IBSzdX67DLPodcast Spotify: https://open.spotify.com/episode/2ZcrbUvXIOfBpPuaq7VQt7?si=61ccef7960ac43c7
Artikel Cybercrimeinfo: https://www.ccinfo.nl/menu-onderwijs-ontwikkeling/cybercrime/malware/2527960_hoe-tiktok-verandert-in-een-digitale-valstrik-infostealer-malware-via-virale-video-s
#TikTok #malware #cybercrime #ClickFix #infostealer #socialengineering #cybersecurity #digitaleveiligheid #PowerShell #StealC #Vidar #jongerenonline #cyberdreiging #cyberbewustzijn #darkweb #phishing #gratissoftware #cyberaanval #digitalevalstrik
-
In early 2025, the ClearFake framework widely spread #Emmenhtal Loader as the initial stage, aiming to download #Lumma or #Rhadamanthys, or PowerShell scripts installing #Vidar.
We identified thousands of sites compromised with ClearFake distributing these malware.
-
In early 2025, the ClearFake framework widely spread #Emmenhtal Loader as the initial stage, aiming to download #Lumma or #Rhadamanthys, or PowerShell scripts installing #Vidar.
We identified thousands of sites compromised with ClearFake distributing these malware.
-
In early 2025, the ClearFake framework widely spread #Emmenhtal Loader as the initial stage, aiming to download #Lumma or #Rhadamanthys, or PowerShell scripts installing #Vidar.
We identified thousands of sites compromised with ClearFake distributing these malware.
-
In early 2025, the ClearFake framework widely spread #Emmenhtal Loader as the initial stage, aiming to download #Lumma or #Rhadamanthys, or PowerShell scripts installing #Vidar.
We identified thousands of sites compromised with ClearFake distributing these malware.
-
In early 2025, the ClearFake framework widely spread #Emmenhtal Loader as the initial stage, aiming to download #Lumma or #Rhadamanthys, or PowerShell scripts installing #Vidar.
We identified thousands of sites compromised with ClearFake distributing these malware.
-
2025-02-05 (Wednesday): #ClearFake / #ClickFix style fake CAPTCHA leads to possible #Vidar.
Vidar C2 using eteherealpath[.]top behind Cloudflare.