Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

Khushal

Apr 4, 2024

Thank god after informing them about vidar 2.0 bypassing trend, they dug deep into the issue.
It's great to see vendors like Trend Micro taking user reports seriously and diving into these threats. Vidar Stealer has been evolving quickly, and this new variant's focus on credential theft and evasion tactics is a reminder of how infostealers keep adapting. If you were the one who tipped them off, kudos—that kind of community input helps everyone stay ahead.

For anyone following along, the article breaks down some key upgrades, like improved anti-analysis techniques and better data exfiltration. Always a good idea to layer your defenses (e.g., strong passwords, 2FA, and behavioral monitoring) against stuff like this. What made you spot the bypass in the first place?
Is it my imagination, or has the Vidar author surprisingly targeted Firefox more deeply:
  • logins.json - Firefox passwords
  • formhistory.sqlite - Firefox form history
  • cookies.sqlite - Firefox cookies
  • places.sqlite - Firefox browsing history
  • key4.db - Firefox master encryption key
while not targeting Chromium-based cookies and browsing history? Or is this something that was omitted from the write-up because it is done anyway?
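One way to turn the file list above into a detection, as an added example that is not from the post or from Trend Micro's write-up: it scans constructed file-access telemetry and flags processes other than an assumed allowlist of expected readers that touch those Firefox profile artifacts, raising severity when key4.db and logins.json (the pair needed to recover saved passwords) are read together. The log format, process names and paths are all constructed for this example.

```python
from collections import defaultdict

# Firefox profile artifacts listed in the post, matched by file name.
FIREFOX_ARTIFACTS = {"logins.json", "formhistory.sqlite", "cookies.sqlite",
                     "places.sqlite", "key4.db"}
# Assumption: processes legitimately expected to read a Firefox profile; tune per fleet.
EXPECTED_READERS = {"firefox.exe", "firefox", "backup-agent.exe"}

def parse_line(line):
    """Constructed telemetry format: '<timestamp>|<process>|<action>|<path>'."""
    ts, proc, action, path = line.strip().split("|", 3)
    return {"ts": ts, "proc": proc.lower(), "action": action.lower(),
            "path": path.replace("\\", "/")}

def is_firefox_artifact(path):
    """True only for a listed file name that sits inside a Firefox profiles directory."""
    lowered = path.lower()
    return lowered.rsplit("/", 1)[-1] in FIREFOX_ARTIFACTS and "/profiles/" in lowered

def detect(lines):
    """Return one alert per unexpected process that read Firefox profile artifacts.
    Severity: 'high' if key4.db and logins.json were both read (credential recovery),
    'medium' for two or more distinct artifacts, 'low' for a single one."""
    touched = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev["action"] != "read" or not is_firefox_artifact(ev["path"]):
            continue
        if ev["proc"] in EXPECTED_READERS:
            continue
        touched[ev["proc"]].add(ev["path"].lower().rsplit("/", 1)[-1])
    alerts = []
    for proc, files in touched.items():
        if {"key4.db", "logins.json"} <= files:
            severity = "high"
        elif len(files) >= 2:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({"proc": proc, "files": sorted(files), "severity": severity})
    return sorted(alerts, key=lambda a: a["proc"])

# Constructed sample telemetry: one benign browser read, one credential-theft pattern,
# one single-file anomaly, and a same-named file outside any profile directory.
SAMPLE_LOG = [
    "2024-04-04T10:00:01|firefox.exe|read|C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12.default\\logins.json",
    "2024-04-04T10:00:05|update.exe|read|C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12.default\\key4.db",
    "2024-04-04T10:00:06|update.exe|read|C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12.default\\logins.json",
    "2024-04-04T10:00:09|explorer.exe|read|C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12.default\\places.sqlite",
    "2024-04-04T10:00:12|notepad.exe|read|C:\\Temp\\cookies.sqlite",
]
```

Running `detect(SAMPLE_LOG)` yields a high-severity alert for update.exe and a low-severity one for explorer.exe; the browser's own read and the stray file under C:\Temp produce nothing.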