zeroday.news · 21h ago·high
Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation
Researchers have uncovered a sophisticated campaign distributing the Vidar stealer and XMRig cryptocurrency miner, primarily targeting users seeking cracked software. Attackers use malvertising to lure victims into downloading password-protected archives containing malicious loaders. These loaders are signed with a fake certificate and employ techniques like file-size inflation and AMSI bypass to evade detection before dropping the final payloads.