Vidar Infostealer Targets SMBs with Malvertising Campaign

Vidar Infostealer Targets SMBs with Malvertising Campaign

First seen 8 Jul 2026, 19:12 UTC Infosecurity-MagazineDarkreadingunit42.paloaltonetworks.com 82% similarity 69.5

Article Content

Browse articles
ThreatCluster

A new malvertising campaign has been identified, targeting consumers and small to medium businesses (SMBs) globally. The campaign delivers the Vidar infostealer and XMRig cryptominer through malicious ads promising cracked software. Detected by Palo Alto Networks' Unit 42 in April 2026, the attackers use password-protected archives to bypass security measures. The Vidar infostealer steals sensitive information such as browser credentials and crypto wallets, while XMRig mines Monero using victim CPU resources. The malware employs advanced evasion techniques, including AMSI bypass and unique binary generation to evade detection. The campaign is characterized by a dual-monetization scheme, selling stolen credentials on criminal markets and generating passive income from mining. The attackers are believed to be experienced affiliates of the Vidar malware-as-a-service operation. Current status indicates ongoing threats to affected users.

Key Points: • The campaign uses malvertising to lure victims into downloading malware disguised as cracked software. • Vidar infostealer targets sensitive data, while XMRig mines Monero using compromised systems. • Advanced evasion techniques are employed to avoid detection by security software.

ThreatCluster AI

Timeline

2026-04-01
Campaign first detected
Unit 42 identified the malvertising campaign targeting SMBs and consumers globally.
Darkreading
2026-07-07
Research report published
Unit 42 released findings detailing the malware delivery methods and evasion techniques used in the campaign.
Infosecurity-Magazine
2026-07-08
Articles published
Both Darkreading and Infosecurity-Magazine published articles detailing the ongoing threat posed by the Vidar infostealer campaign.
Darkreading

Community

Browse all →