Vidar - Stealerware

Update 8th February 2023

Full report of the Vidar malware now available.

This document provides our findings on the Vidar malware. Download now.

16th January 2023 

Vidar malware steals data and provides remote command-and-control (C2) functionality on Windows operating systems. This document summarises Quorum Cyber’s analysis of the malware; a separate report provides more in-depth analysis of the malware.

The malware exfiltrates any available data within the affected user’s profile before installing further C2 persistence mechanisms and interacting with the hxxps:[//]clipper[.]guru domain for further instructions. It has been designed with multiple anti-forensics techniques intended to help evade detection and to mislead and frustrate analysis.

The malicious payload was contained within a seemingly legitimate software executable and was presented to the user via a search engine advertisement masquerading as a legitimate resource. This was sufficient to trick the user into downloading and executing it. In this instance, the advertisement offered a free version of the Adobe Illustrator application, while the software executable itself was originally a Yahtzee scoreboard.
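To hunt for contact with the C2 domain named above, the following added example (not part of Quorum Cyber's report) refangs the published indicator and matches it against proxy log destinations on DNS label boundaries. The log layout, the sample lines and the decision to also flag subdomains are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as published in the bulletin (defanged).
DEFANGED_C2 = "hxxps:[//]clipper[.]guru"

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a parseable URL."""
    out = indicator.replace("[.]", ".").replace("[//]", "//").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def normalise(host: str) -> str:
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def c2_host(indicator: str = DEFANGED_C2) -> str:
    return urlsplit(refang(indicator)).hostname

def host_matches(observed: str, bad: str) -> bool:
    """True for the domain itself or a subdomain, never for a mere substring."""
    observed = normalise(observed)
    return observed == bad or observed.endswith("." + bad)

def hunt(log_lines, bad=None):
    """Return (user, host) pairs for lines whose destination is the C2 domain."""
    bad = bad or c2_host()
    hits = []
    for line in log_lines:
        # Assumed layout: timestamp user method destination
        _ts, user, method, dest = line.split()
        # CONNECT lines carry host:port, other methods a full URL.
        raw = dest.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(dest).hostname
        host = normalise(raw or "")
        if host_matches(host, bad):
            hits.append((user, host))
    return hits

# Constructed sample proxy log, not taken from the report.
SAMPLE_LOG = [
    "2023-01-16T09:12:01Z alice CONNECT clipper.guru:443",
    "2023-01-16T09:12:05Z bob GET https://notclipper.guru/index.html",
    "2023-01-16T09:13:40Z carol CONNECT API.Clipper.Guru.:443",
    "2023-01-16T09:14:02Z dave GET https://clipper.guru.example.com/a",
    "2023-01-16T09:15:10Z erin GET https://example.com/?ref=clipper.guru",
]

if __name__ == "__main__":
    for user, host in hunt(SAMPLE_LOG):
        print(f"possible Vidar C2 contact: user={user} host={host}")
```

Only the alice and carol lines are reported; the look-alike domain, the attacker-unrelated parent domain and the query-string mention are not, which is the false-positive behaviour a plain substring search would get wrong.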

Download Quorum Cyber’s summary of the Vidar malware.

This document provides a summary of our findings; our full analysis will be available later this week. Download now.