โš ๏ธ Overall RAT activity cooled down last week, with #AsyncRAT, #XWorm, and #Remcos all declining, while stealers like #Vidar and #Stealc continued to grow.

📌 Trend to watch: this points to a shift toward credential access and large-scale delivery activity. For defenders, that usually means higher alert volume, broader exposure, and more pressure on early-stage triage.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=180526&utm_content=linktoenterprise
#cybersecurity

Vidar Infostealer Exploits Browser Cookies to Steal User Credentials

Pulse ID: 6a09a06adc722e44b1afa4cc
Pulse Link: https://otx.alienvault.com/pulse/6a09a06adc722e44b1afa4cc
Pulse Author: cryptocti
Created: 2026-05-17 11:03:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #InfoStealer #OTX #OpenThreatExchange #Vidar #bot #cryptocti


New Stealthy Vidar Stealer Campaign Bypasses EDR and Steals Credentials

Pulse ID: 6a0952a57e16da067219eda8
Pulse Link: https://otx.alienvault.com/pulse/6a0952a57e16da067219eda8
Pulse Author: cryptocti
Created: 2026-05-17 05:31:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #Vidar #bot #cryptocti


Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication

Pulse ID: 6a02ae6f8736a6b944d7d662
Pulse Link: https://otx.alienvault.com/pulse/6a02ae6f8736a6b944d7d662
Pulse Author: Tr1sa111
Created: 2026-05-12 04:37:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #Tr1sa111


Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication

A sophisticated multi-stage infection chain was identified through proactive threat hunting, beginning with the execution of MicrosoftToolkit.exe, a commonly abused hack tool. The attack employed file masquerading techniques, renaming a .dot file to .bat format to evade detection. The malware performed process discovery and attempted to terminate security-related processes before extracting payloads using extract32.exe. An AutoIt-compiled executable (Replies.scr) functioned as a loader, processing an external encrypted payload file and establishing command-and-control communication with infrastructure associated with Vidar Stealer. The malware demonstrated advanced anti-analysis capabilities, including debugger detection and instrumentation callback queries. It targeted credentials, browser data, cryptocurrency wallets, and system information. Post-execution cleanup routines deleted artifacts and terminated processes to minimize forensic evidence and evade detection, significantly complicating incident res...

Pulse ID: 6a01c2382e61b490cfa457e4
Pulse Link: https://otx.alienvault.com/pulse/6a01c2382e61b490cfa457e4
Pulse Author: AlienVault
Created: 2026-05-11 11:49:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Autoit #Browser #CyberSecurity #InfoSec #Malware #Microsoft #Nim #OTX #OpenThreatExchange #RAT #Vidar #bot #cryptocurrency #AlienVault

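A hunting pass over the chain that pulse describes, as an added example that is not part of the pulse or of any OTX tooling: it runs a handful of constructed process-creation events (not real telemetry) through one matcher per stage, for the hack-tool launch, the .dot-to-.bat rename, process discovery and termination of security processes, the CAB extraction into a user-writable directory, the .scr loader executed from a user directory, and the post-run cleanup, and reports hosts that hit three or more distinct stages. The security-process names, the user-writable path list, the sample hostnames and the stage threshold are assumptions. The pulse spells the extractor extract32.exe; the matcher accepts that spelling as well as extrac32.exe, the name of the Windows CAB utility.

```python
"""Stage-correlation hunt for the Vidar loader chain over process-creation events."""
import re
from collections import defaultdict

# Assumed: image names of security processes the chain tried to terminate.
# Extend with your own AV/EDR process names.
SECURITY_PROCS = ("msmpeng", "nissrv", "defender")
# Assumed: directories a standard user can write to.
USER_WRITABLE = re.compile(r"[a-z]:\\(users|programdata|windows\\temp)\\", re.I)
MIN_STAGES = 3  # assumed threshold for raising a host

# Constructed sample events (not real telemetry), shaped loosely like Sysmon
# Event ID 1 records. WS-01 carries the chain from the pulse summary; WS-02 is
# benign noise (an admin unpacking a .cab, a real screen saver from System32).
SAMPLE_EVENTS = [
    {"host": "WS-01", "ts": "09:00:01", "image": r"C:\Users\a\Downloads\MicrosoftToolkit.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "MicrosoftToolkit.exe"},
    {"host": "WS-01", "ts": "09:00:03", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Users\a\Downloads\MicrosoftToolkit.exe",
     "cmdline": r'cmd.exe /c ren "C:\Users\a\AppData\Local\Temp\setup.dot" setup.bat'},
    {"host": "WS-01", "ts": "09:00:04", "image": r"C:\Windows\System32\tasklist.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "tasklist /fo csv"},
    {"host": "WS-01", "ts": "09:00:05", "image": r"C:\Windows\System32\taskkill.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "taskkill /F /IM MsMpEng.exe"},
    {"host": "WS-01", "ts": "09:00:06", "image": r"C:\Windows\System32\extrac32.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"extrac32.exe /Y C:\Users\a\AppData\Local\Temp\pkg.cab C:\Users\a\AppData\Local\Temp"},
    {"host": "WS-01", "ts": "09:00:08", "image": r"C:\Users\a\AppData\Local\Temp\Replies.scr",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"Replies.scr C:\Users\a\AppData\Local\Temp\data.bin"},
    {"host": "WS-01", "ts": "09:01:30", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Users\a\AppData\Local\Temp\Replies.scr",
     "cmdline": r'cmd.exe /c del /q "C:\Users\a\AppData\Local\Temp\setup.bat" & taskkill /F /IM Replies.scr'},
    {"host": "WS-02", "ts": "10:15:00", "image": r"C:\Windows\System32\extrac32.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": r"extrac32.exe /Y D:\drivers\net.cab C:\Temp"},
    {"host": "WS-02", "ts": "10:20:00", "image": r"C:\Windows\System32\scrnsave.scr",
     "parent": r"C:\Windows\System32\winlogon.exe", "cmdline": "scrnsave.scr /s"},
]

RENAME_DOT_TO_BAT = re.compile(r"\b(ren|rename|move|copy)\b[^&|]*\.dot\b[^&|]*\.bat\b")
CLEANUP_VERBS = re.compile(r"\b(del|erase|rmdir|taskkill)\b")


def classify(ev):
    """Map one process-creation event to the chain stage it matches, or None."""
    image = ev["image"].lower()
    name = image.rsplit("\\", 1)[-1]
    parent = ev["parent"].lower().rsplit("\\", 1)[-1]
    cmd = ev["cmdline"].lower()
    if name == "microsofttoolkit.exe":
        return "hacktool"                       # commonly abused activator
    if name == "cmd.exe" and RENAME_DOT_TO_BAT.search(cmd):
        return "masquerade_dot_to_bat"          # file-extension masquerading
    if name == "tasklist.exe":
        return "process_discovery"
    if name == "taskkill.exe" and any(p in cmd for p in SECURITY_PROCS):
        return "kill_security_process"
    if name in ("extrac32.exe", "extract32.exe") and USER_WRITABLE.search(ev["cmdline"]):
        return "extract_to_user_dir"            # payload unpack into a user path
    if name.endswith(".scr") and USER_WRITABLE.search(image):
        return "scr_loader_user_dir"            # AutoIt loader run as a .scr
    if name == "cmd.exe" and parent.endswith(".scr") and CLEANUP_VERBS.search(cmd):
        return "cleanup"                        # artifact deletion after execution
    return None


def analyze(events):
    """Return {host: [stages in time order]} for hosts hitting >= MIN_STAGES stages."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: (e["host"], e["ts"])):
        stage = classify(ev)
        if stage and stage not in hits[ev["host"]]:
            hits[ev["host"]].append(stage)
    return {h: s for h, s in hits.items() if len(s) >= MIN_STAGES}


if __name__ == "__main__":
    for host, stages in analyze(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(stages)}")
```

Correlating stages per host, rather than alerting on any single indicator, is what keeps this usable: extrac32.exe, tasklist.exe and .scr files are all legitimate on their own, and WS-02 in the sample is dropped for exactly that reason. The stage names and the threshold are tuning knobs; the rename matcher deliberately rejects command lines where the .dot and .bat sit on different sides of a `&` or `|`.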

Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication

Pulse ID: 6a01c03c55b2d8cb451efc11
Pulse Link: https://otx.alienvault.com/pulse/6a01c03c55b2d8cb451efc11
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:40:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Autoit #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vidar #bot #CyberHunter_NL


โš ๏ธ Remote access tooling remained active last week. #AsyncRAT, #Remcos, #Warzone, and #Netwire all increased, while #Vidar continued to decline.

📌 Trend to watch: the activity points to attackers prioritizing persistence and operator access over large-scale credential theft. For defenders, that usually means fewer obvious indicators and more time between initial compromise and detection.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=110526&utm_content=linktoenterprise

'ClickFix' attack tricks users into hacking themselves, ACSC warns:

"Verify that you are human" prompt used to deliver Vidar Stealer malware.

The Australian Cyber Security Centre (ACSC) has stepped in to warn users of an active attack campaign targeting Windows users with Vidar Stealer malware, which is delivered through the so-called ClickFix social engineering technique.

🤷 https://www.itnews.com.au/news/clickfix-attack-tricks-users-into-hacking-themselves-acsc-warns-625692

#clickfix #acsc #malware #vidar #stealing #VidarStealer #australia #socialengineering


โš ๏ธ RAT activity is on the rise. #XWorm and #AsyncRAT are up, while stealers like #Vidar and #Lumma are declining.

📌 Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn't reduce risk, it often means fewer early signals but higher impact if missed.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise

#cybersecurity #infosec

๐Ÿ“ขโš ๏ธ New version of Vidar infostealer spreads via fake CAPTCHA, hides in JPEG and TXT files, uses fileless attacks, and steals browser and crypto wallet data.

Read: https://hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/

#Vidar #Infostealer #Malware #Crypto #ClickFix
