{
  "type": "rich",
  "version": "1.0",
  "provider_name": "Transistor",
  "provider_url": "https://transistor.fm",
  "author_name": "Daily Security Review",
  "title": "Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market",
  "html": "<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/31c8ab94\"></iframe>",
  "width": "100%",
  "height": 180,
  "duration": 1902,
  "description": "A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The release of Vidar 2.0 represents a complete transformation of the long-running Vidar infostealer, which has been rewritten entirely in C and equipped with multi-threading and advanced anti-analysis mechanisms. This overhaul not only boosts performance but makes detection exponentially more difficult, setting the stage for a potential new era in cybercrime operations. Security researchers warn that infections from Vidar 2.0 are expected to surge through Q4 2025, as this reengineered variant fills the vacuum left by the decline of Lumma Stealer. The developer behind Vidar — active and trusted in underground markets since 2018 — has released a product that combines speed, stealth, and resilience into a single, deadly package. The most alarming innovation is Vidar 2.0’s ability to bypass Chrome’s App-Bound encryption, a defense mechanism introduced in 2024 to protect browser-stored credentials. Instead of attempting to decrypt protected data on disk, Vidar 2.0 sidesteps these controls entirely by injecting malicious code directly into live Chrome processes and extracting encryption keys straight from memory. This in-memory attack vector effectively neutralizes one of the browser’s most advanced security protections. Other major technical upgrades include:\n- A C-language rewrite, reducing dependencies and shrinking the malware’s footprint to evade signature detection.\n- Multi-threaded data collection, allowing it to steal multiple data types—passwords, cookies, cryptocurrency wallets, and cloud credentials—simultaneously, minimizing its dwell time on infected machines.\n- A polymorphic builder that automatically alters each build’s structure, producing unique, detection-resistant variants.\n- Robust anti-analysis defenses, from debugger and sandbox detection to hardware and timing checks that allow Vidar 2.0 to shut down in controlled...",
  "thumbnail_url": "https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp",
  "thumbnail_width": 300,
  "thumbnail_height": 300
}