top of page

Hackers use fake Windows 11 downloads to spread Vidar malware

About the Malware: The malicious ISO files were included on the counterfeit websites to facilitate the download and installation of the Vidar info-stealer malware on the target PCs, according to cybersecurity specialists.

  • Vidar virus is a well-known data thief that may take information from users and monitor their activities. While spyware like Vidar is primarily intended to steal sensitive data from its victims.

  • The ISO that includes the executable is unusually huge to escape detection by security solutions (over 300MB).

  • The hackers are signing the file with Avast's expired certificate, which was most likely taken following the company's security incident in October 2019.

  • Vidar connects to a C2 server and then demands legitimate DLL files from the C2 server to collect vital and sensitive data from affected systems.

  • Here below we have mentioned the DLL files that are requested:-



  • The threat actor additionally exploited Mastodon and Telegram to save the C2 IP address in the description fields of vulnerable communities and accounts.


  • Never download a file or an installer from an unknown source.

  • Before downloading any unknown attachments, be cautious.

  • Avoiding crack

  • Always use a powerful antivirus program.

  • Do not download any crack for the paid version. I

3 views0 comments


bottom of page