APT / THREAT GROUP
Vidar
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Vidar is a malware fork based on Arkei. This stealer appears to be one of the first to grab information on 2FA software and Tor Browser.
Threat Analysis
Vidar is a threat actor of undetermined national origin engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Vidar
Fake Software Tutorials on TikTok Spread Vidar Stealer
Infosecurity Magazine · Jun 10, 2026
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
Infosecurity Magazine · May 8, 2026
Australia warns of ClickFix attacks pushing Vidar Stealer malware
BleepingComputer · May 7, 2026
Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do
Trend Micro Research · Apr 6, 2026
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
Trend Micro Research · Apr 2, 2026
Claude Code leak used to push infostealer malware on GitHub
BleepingComputer · Apr 2, 2026
2025 Year in Review: Malicious, Infrastructure
Recorded Future Blog · Mar 18, 2026
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
Infosecurity Magazine · Mar 18, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.vidar, Vidar
External Intelligence
Malpedia: win.vidar
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.