Vidar Stealer 2.0 data-theft and evasion upgrade

Malware Activity
Happening score: 21
1 unique source, 1 article

Summary

The release of Vidar Stealer 2.0 is likely to increase infections because the malware now steals data faster and evades detection more effectively. The new build is a major rewrite in C and adds multi-threaded data stealing plus stronger anti-analysis checks. It also bypasses Chrome App-Bound encryption by injecting into running browser processes and stealing keys from memory. The expanded targeting of browser, cloud, and messaging credentials raises the risk of account compromise and downstream theft through Q4 2025.

Related Happenings

REMUS infostealer browser-session and password-manager collection expansion

Malware Activity
First: 15.05.2026 17:02 Last: 15.05.2026 17:02 Sources 1

About this happening: **REMUS** expanded its **session-theft** and **password-manager** collection capabilities, increasing the malware’s ability to capture authenticated access and browser-side data....

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
First: 08.05.2026 14:00 Last: 08.05.2026 14:00 Sources 1

About this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...

Vidar infostealer market rise and distribution expansion

Malware Activity
First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Storm infostealer server-side decryption activity

Malware Activity
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...

Venom Stealer MaaS continuous credential theft and exfiltration

Malware Activity
First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...

Timeline

  1. 22.10.2025 01:26 2 articles · 7mo ago

    Vidar Stealer 2.0 adds faster theft and stronger evasion

    Technical Analysis Update

    Security researchers warned that Vidar Stealer 2.0 is likely to increase infections after the malware developer released a major rewrite in C with multi-threaded data stealing, stronger anti-analysis checks, control-flow flattening, and bypasses for Chrome's App-Bound encryption. Trend Micro described a browser-memory technique that launches browsers with debugging enabled, injects code into running browser processes with shellcode or reflective DLL injection, extracts encryption keys from browser memory, and returns them to the main malware process via named pipes. The malware targets browser cookies and autofill, cryptocurrency wallet extensions and desktop apps, cloud credentials, Steam accounts, Telegram, and Discord data, and researchers expect it to become more prevalent through Q4 2025.
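
For defenders, the "launches browsers with debugging enabled" step in the timeline entry above is observable in process-creation telemetry. The following is an added detection sketch, not code from this page or from Trend Micro; it assumes debugging shows up as the Chromium `--remote-debugging-port` or `--remote-debugging-pipe` switches, and the event field names, parent allowlist and sample events are hypothetical and constructed.

```python
import ntpath

# Assumption: "debugging enabled" appears as one of these Chromium switches.
DEBUG_SWITCHES = ("--remote-debugging-port", "--remote-debugging-pipe")
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# Hypothetical allowlist: parents expected to drive a browser in debug mode.
ALLOWED_PARENTS = {"chromedriver.exe", "msedgedriver.exe"}


def debug_switches(command_line):
    """Return the debugging switches present in a command line, lowercased."""
    found = []
    for arg in command_line.split():
        name = arg.strip('"').split("=", 1)[0].lower()
        if name in DEBUG_SWITCHES and name not in found:
            found.append(name)
    return found


def suspicious_debug_launches(events):
    """Flag browsers started with debugging enabled by an unexpected parent."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent_image"]).lower()
        switches = debug_switches(ev["command_line"])
        # Browsers re-launching themselves and allowlisted tools are expected.
        if image in BROWSERS and switches and parent not in BROWSERS | ALLOWED_PARENTS:
            alerts.append({"pid": ev["pid"], "parent": parent, "switches": switches})
    return alerts


# Constructed process-creation events (Sysmon Event ID 1 style fields).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"pid": 1001, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" --profile-directory=Default'},
    {"pid": 2002, "image": CHROME, "parent_image": r"C:\tools\chromedriver.exe",
     "command_line": f'"{CHROME}" --remote-debugging-port=0 --test-type'},
    {"pid": 4321, "image": CHROME,
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "command_line": f'"{CHROME}" --remote-debugging-port=9222'},
]

if __name__ == "__main__":
    for alert in suspicious_debug_launches(SAMPLE_EVENTS):
        print(alert)
```

The allowlist needs tuning per environment, since test automation and developer tooling legitimately start browsers with these switches.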