216.73.217.98

Vidar Infostealer Being Spread through Phishing Emails

· Published 09/07/2026 13:27

Export JSON

Essential information

Published
09/07/2026 13:27
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
browser credential theft cryptocurrency theft dead drop resolver discord infostealer phishing steam telegram vidar
Related entities
8 indicators, 5 observables, 20 techniques (mitre), 1 malware

Description

, a Malware-as-a-Service first identified in 2018, continues to be distributed through campaigns targeting Korea in the first half of 2026. The threat actor uses emails disguised as job applications and copyright infringement notices, with attachments appearing as Word documents but actually being executables. employs a Go-based packer, uses technique via and profiles to obtain C&C addresses, and implements anti-debugging and anti-VM techniques. The exfiltrates sensitive information including browser credentials, cookies, browsing history, cryptocurrency wallet data, tokens, information, data, Azure credentials, and screenshots. Configuration information is downloaded in JSON format, and data collection is performed based on received flags and additional downloaded conditions.

External references