Vidar – malware that keeps on giving


Just visiting an infected website can result in malvertising, password stealing, information exfiltration and then ransomware. Malwarebytes exposes the latest malware threat – the Vidar and GandCrab ransomware combo.

Just to put it in perspective, Vidar (illegitimate son of Odin – called the Silent One) is a stealer that can loot from browser histories (including Tor Browser) and cryptocurrency wallets, capture instant messages, and much more. You catch this just as you would catch a sexually transmitted disease – unprotected viewing of an infected website.

Vidar is what we call a drive-by download (exploit kit) that silently places malicious code on your device. You don’t have to click anything – it’s loaded as part of the web-font or otherwise encrypted in an image that ends up in the web cache on your device.

These small pieces of innocuous code have one purpose – to assemble themselves Lego style into virulent malware once they receive instructions from a command and control server. Your only protection is a quality paid real-time malware protector like Malwarebytes (full Vidar article here) that analyses the code and stops it before it does any damage.

Vidar hijacks your browser leading to Malvertising

Frankly, most users are unaware that they have malvertising, as ads are served anyway. These are just the ones the cybercriminals make the most money from, as click-bait or to sell you unsavoury content.

But Vidar then extracts data from the device – browser files like passwords, autofills, screenshots, cookies and history. The cybercriminals use AI to analyse this information and mine it for value. That value is to improve the dark web profile held on everyone to make us more susceptible to phishing scams, extortion, ID theft etc.


Finally, it drops GandCrab ransomware to extract money.

How to avoid Vidar malware

It would be trite to say that adult, torrent and streaming sites are the main culprits. Vidar can infect any poorly protected website. It costs US$700 for the exploit kit and can be customised to steal an impressive range of information from digital wallets.


If you must surf the internet, then the paid version of Malwarebytes protects against this threat at multiple levels. Its signatureless anti-exploit engine mitigates the Internet Explorer and Flash Player exploits used by the Fallout exploit kit. It detects the dropped stealer as Spyware.Vidar and also stops GandCrab via its anti-ransomware module.

And keep your systems, Windows or macOS, fully patched and up to date.