The Vidar stealer has returned in a new campaign that abuses the Mastodon social media network to get C2 configuration without raising alarms.
The particular malware
has been active since at least October 2018 and we've seen it in
numerous different campaigns. The reason why it’s so widely deployed is that it remains effective in its job and is also easy to source through Telegram channels and underground forums where it sells for as little as $150.
The data that Vidar attempts to steal from infected machines includes the following:
