Hacked sites deliver Vidar infostealer to Windows users

Published 17/03/2026 09:09 · Modified 17/03/2026 09:16

Essential information

Tags
2026-03-17, fake captcha, golang loader, hta script, infostealer, msi installer, vidar, windows, wordpress
Related entities
4 observables, 15 techniques (mitre), 1 malware, 8 others

Description

A recent cybercrime campaign uses compromised websites to distribute the malware to users. The attack employs pages that trick victims into running malicious commands. The infection chain involves an , which downloads and executes a malicious . This installer then deploys a that ultimately decrypts and loads the into memory. The campaign targets users in multiple countries, including Italy, France, the United States, the United Kingdom, and Brazil. The attackers inject malicious code into sites, which filters visitors and displays the page to desktop users.

External references