Find notable cyber news and cases, enriched with sources, timelines, and signals.

Vidar-XMRig malvertising campaign targeting consumers and SMBs worldwide

Campaign
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

A malvertising campaign is targeting consumers and small and medium businesses worldwide with archives that deploy Vidar and XMRig, creating both theft and cryptomining risk. The operation steals browser credentials, cookies, and crypto wallets while also using victim CPUs to mine Monero. It first appeared in April 2026 and relies on password-protected .bin archives plus AMSI bypass and process enumeration to evade defenses. The broad reach and dual-monetization model make the campaign especially damaging for individual and small-business systems.

Related Happenings

Pink new extortion brand within The Com

Threat Actor Meta
H score30 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...

Timeline

  1. 08.07.2026 14:00 2 articles · 1d ago

    Vidar-XMRig malvertising campaign targeting consumers and SMBs worldwide

    Initial Disclosure

    The campaign began in **April 2026** by using **malvertising** to send victims to downloads impersonating cracked software. Its initial payload chain combined **Vidar** credential theft with **XMRig** cryptomining on victim machines.

    Show sources