Vidar-XMRig malvertising campaign targeting consumers and SMBs worldwide
Campaign
Summary
Hide ▲
Show ▼
A malvertising campaign is targeting consumers and small and medium businesses worldwide with archives that deploy Vidar and XMRig, creating both theft and cryptomining risk. The operation steals browser credentials, cookies, and crypto wallets while also using victim CPUs to mine Monero. It first appeared in April 2026 and relies on password-protected .bin archives plus AMSI bypass and process enumeration to evade defenses. The broad reach and dual-monetization model make the campaign especially damaging for individual and small-business systems.
Related Happenings
Pink new extortion brand within The Com
Threat Actor Meta
H score30
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Pink new extortion brand within The Com
Threat Actor MetaAbout this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Timeline
-
08.07.2026 14:00 2 articles · 1d ago
Vidar-XMRig malvertising campaign targeting consumers and SMBs worldwide
Initial DisclosureThe campaign began in **April 2026** by using **malvertising** to send victims to downloads impersonating cracked software. Its initial payload chain combined **Vidar** credential theft with **XMRig** cryptomining on victim machines.
Show sources
- New Malicious Campaign Delivers Vidar Infostealer and Monero Crypto Miner — www.infosecurity-magazine.com — 08.07.2026 14:00
- New Malicious Campaign Delivers Vidar Infostealer and Monero Crypto Miner — www.infosecurity-magazine.com — 08.07.2026 14:00