Vidar 2.0 infostealer upgrade
Malware Activity
Summary
The Vidar 2.0 infostealer has been upgraded with multithreaded data theft, a Chrome AppBound bypass, and a polymorphic builder, raising the risk of faster exfiltration and harder detection. The release was announced Oct. 6, 2025 and reported on Oct. 21, 2025, signaling active development in the underground market. The changes focus on credential theft and evasion, which can improve the malware's ability to steal browser logins and resist static analysis. Security teams should expect broader Vidar use in Q4 2025 as other infostealer activity declines.
Related Happenings
Drupal core security release (May 2026)
Security Patch Release
First: 19.05.2026 13:44
Last: 19.05.2026 13:44
Sources 1
About this happening:
**Drupal Security Team** announced a **core security release** for **all supported Drupal branches** on **May 20, 2026**, signaling an **urgent update window** for sites that may...
Vidar infostealer market rise and distribution expansion
Malware Activity
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Venom Stealer MaaS infostealer with persistent credential harvesting
Malware Activity
First: 31.03.2026 17:51
Last: 31.03.2026 17:51
Sources 1
About this happening:
The **Venom Stealer** infostealer now ships as **malware-as-a-service (MaaS)**, expanding access to a persistent credential-theft tool and raising risk for **Windows** users. It s...
Vidar Stealer 2.0 data-theft and evasion upgrade
Malware Activity
First: 22.10.2025 01:26
Last: 22.10.2025 01:26
Sources 1
About this happening:
The release of **Vidar Stealer 2.0** is likely to increase infections because the malware now steals data faster and evades detection more effectively. The new build is a major re...
Timeline
- 23.10.2025 13:00
  Loadbaks announces Vidar 2.0
  Initial Disclosure: Vidar 2.0, the upgraded Vidar infostealer, was first announced on underground forums by the developer known as “Loadbaks”, marking the release of a new version of the malware.
  Sources:
  - Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say — www.infosecurity-magazine.com — 23.10.2025 13:00
- 23.10.2025 13:00
  Trend Micro details Vidar 2.0 capabilities
  Technical Analysis Update: Trend Micro reported a new Vidar 2.0 version with a rewrite from C++ to C, multithreaded data theft, custom browser credential extraction, a Chrome AppBound bypass targeting application-bound encryption, and an automatic polymorphic builder that makes static detection harder. It also warned that increased Vidar 2.0 prevalence may continue through Q4 2025.
  Sources:
  - Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say — www.infosecurity-magazine.com — 23.10.2025 13:00