Darkreading
Vidar Infostealer Targets SMBs with Malvertising Campaign
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new malvertising campaign has been identified, targeting consumers and small to medium businesses (SMBs) globally. The campaign delivers the Vidar infostealer and XMRig cryptominer through malicious ads promising cracked software. Detected by Palo Alto Networks' Unit 42 in April 2026, the attackers use password-protected archives to bypass security measures. The Vidar infostealer steals sensitive information such as browser credentials and crypto wallets, while XMRig mines Monero using victim CPU resources. The malware employs advanced evasion techniques, including AMSI bypass and unique binary generation to evade detection. The campaign is characterized by a dual-monetization scheme, selling stolen credentials on criminal markets and generating passive income from mining. The attackers are believed to be experienced affiliates of the Vidar malware-as-a-service operation. Current status indicates ongoing threats to affected users.
Key Points: • The campaign uses malvertising to lure victims into downloading malware disguised as cracked software. • Vidar infostealer targets sensitive data, while XMRig mines Monero using compromised systems. • Advanced evasion techniques are employed to avoid detection by security software.