Vidar Stealer 2.0 Enhances Capabilities Amid Lumma Decline

Severity: Medium (Score: 48.9)

Sources: Trendmicro

Summary

On October 6, 2025, the developer 'Loadbaks' released Vidar Stealer v2.0 on underground forums, marking a significant upgrade from its predecessor. This new version features a complete rewrite in C, improving performance and stability while introducing advanced anti-analysis measures and multithreaded data theft capabilities. The release coincides with a decline in the Lumma Stealer's activity, indicating a potential shift in the cybercriminal landscape as users seek alternatives like Vidar and StealC. Vidar 2.0 maintains a price point of US$300, making it an attractive option for attackers.

The tool has evolved since its inception in 2018, gaining popularity for its ability to steal browser credentials and cryptocurrency wallets. The update emphasizes enhancements in evasion techniques and overall capabilities, aiming to address previous limitations. As cyber threats continue to evolve, Vidar's latest iteration positions itself as a formidable player in the infostealer market.

Key Points

  • Vidar Stealer v2.0 released on October 6, 2025, with a complete C language rewrite.
  • New features include multithreaded architecture and advanced anti-analysis measures.
  • The tool is priced at US$300, appealing to cybercriminals seeking effective data theft solutions.

Key Entities

  • Malware (attack_type)
  • Arkei (malware)
  • Arkei Stealer (malware)
  • Lumma Stealer (malware)
  • Raccoon (malware)
  • RedLine (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1555.001 - Keychain (mitre_attack)
  • Chrome (tool)
  • Chromium-based Browsers (platform)
  • Edge (platform)
  • Firefox (platform)