Fast, broad, and elusive: how Vidar Stealer 2.0 upgrades infostealer capabilities

Intel Name: Fast, broad, and elusive: how Vidar Stealer 2.0 upgrades infostealer capabilities

Date of Scan: November 11, 2025

Impact: High

Summary:
On October 6, 2025, the developer “Loadbaks” released Vidar Stealer v2.0 on underground forums. The malware was rewritten entirely in C, improving speed and efficiency through a multithreaded architecture. Its launch coincided with a decline in Lumma Stealer activity, driving threat actors toward Vidar and StealC. Vidar 2.0 introduced enhanced credential extraction, bypassing Chrome’s App-Bound Encryption via memory injection. It now exfiltrates data more efficiently while evading detection more effectively. Targets include browsers, cloud services, crypto wallets, gaming accounts, and messaging apps like Discord and Telegram.
