New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
Vidar 2.0, a rewritten infostealer malware, is being actively distributed via fake game cheats on GitHub and Reddit, targeting young gamers. The malware steals cryptocurrency wallets, login tokens, files, and screenshots while using PowerShell scripts and anti-analysis techniques to evade detection. Operating as Malware-as-a-Service (MaaS), Vidar has surged following the shutdown of rival infostealers Lumma and Rhadamanthys.
Summary
Vidar 2.0, a rewritten infostealer malware, is being actively distributed via fake game cheats on GitHub and Reddit, targeting young gamers. The malware steals cryptocurrency wallets, login tokens, files, and screenshots while using PowerShell scripts and anti-analysis techniques to evade detection. Operating as Malware-as-a-Service (MaaS), Vidar has surged following the shutdown of rival infostealers Lumma and Rhadamanthys.
Full text
Security Gaming MalwareNew Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers ignoring security warnings byDeeba AhmedMarch 17, 20262 minute read For many online gamers, the temptation to get a competitive edge in hits like Fortnite or Counter-Strike is high. However, a new wave of cyberattacks is proving that ‘free’ cheats often come with a heavy price tag. Cybersecurity experts at the research firm Acronis TRU have identified a huge campaign using platforms like GitHub and Reddit to spread a dangerous infostealer called Vidar 2.0. How the Scam Works In this campaign, hackers hide malicious links behind professionally designed images on GitHub and use Discord or Reddit to identify victims. These cheats typically ask users to disable their antivirus software to function. This is the perfect trap, because cheats naturally behave like viruses to bypass game security, and victims ignore the warnings and hand over total control of their PCs. This campaign specifically targets younger players who may not have the money for paid subscriptions, as they often ignore safety warnings and are too embarrassed to report the hack since they were trying to cheat. Promotional post on Reddit (source: Acronis) According to researchers, the scam’s scale is likely underestimated; while they found hundreds of malicious pages, the true number could be in the thousands. They also noted that hackers use technical tricks like PowerShell scripts to drop the virus quietly. It even sets itself up to run every time a user logs in and will refuse to run if it detects a security researcher’s virtual environment. Vidar 2.0: A Master of Digital Theft This research, which was shared exclusively with Hackread.com, shows that Vidar 2.0 has undergone a complete technical rewrite. Changing its code from C++ to C has made it much faster and stealthier. Interestingly, Vidar has been around since 2018, but it is seeing a surge now following the recent shutdown of its main rivals, Lumma and Rhadamanthys. For your information, Vidar operates as Malware-as-a-Service (MaaS), where criminals pay between $130 and $750 to use it. The virus is much more dangerous than older versions, targeting everything from Monero cryptocurrency wallets to login tokens for Discord, Steam, and Telegram. It even hunts for Microsoft Azure folders and professional tools like FileZilla to steal server passwords, potentially giving hackers access to a victim’s workplace networks. To make things more personal, it takes a screenshot.jpg of the user’s desktop and copies files from the Documents and Downloads folders. Infection chain (source: Acronis) Researchers further explain that to avoid being caught, the virus uses Telegram bots and Steam profiles as “dead drop” locations to receive hidden instructions. By blending in with normal traffic from these popular apps, the malware often “completes its mission” before the victim even realizes something is wrong. This makes it all the more important for you to download software only from trusted, official sources and avoid the lure of free advantages. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts CybersecurityFortnitegamingGitHubInfostealerMalwareRedditVidar Leave a Reply Cancel reply View Comments (0) Related Posts Phishing Scam Scams and Fraud Security According to Chrome, Safari and FireFox ThePirateBay is a Phishing Site Pirate Bay Torrent website blocked by Chrome, Safari and Firefox on accounts of phishing. It was a “dark… byAgan Uzunovic Read More Cyber Attacks Security RansomHouse Claims Data Breach at Major Apple Contractor Luxshare RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified. byWaqas Read More Cyber Attacks Malware Security Lone Hacker Used Infostealers to Access Data at 50 Global Companies A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA. byDeeba Ahmed Security Leaks Mobile payment app BHIM leaked financial data of 7 million Indians Bharat Interface for Money (BHIM), India’s emerging new e-payments platform has... byWaqas
Indicators of Compromise
- malware — Vidar 2.0
- malware — Lumma
- malware — Rhadamanthys