Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used as a downloader for ransomware.

The malware is typically delivered via email, often as an ISO file, which is a disk image file format commonly used by malware authors to package their malware. In Vidar’s case, the malicious ISO has been embedded in fake installers for legitimate software such as Adobe Photoshop and Microsoft Teams.

Vidar is primarily an infostealer, meaning that it is designed to collect a variety of sensitive information from an infected computer and exfiltrate this data to an attacker. Some examples of the information that Vidar collects from infected computers, browsers, and digital wallets include login credentials, passwords, cryptocurrency wallet data, and banking details.

In addition to collecting sensitive data, Vidar can also be used as a downloader for other malware. The command-and-control server can specify a link from which the malware downloads a file and then executes it. This has allowed Vidar operators to sell access to infected machines to other cybercriminals.

To protect against Vidar malware, it is recommended to use strong, long, and random passwords, and multi-factor authentication. If an endpoint security solution is installed on a computer, it should be able to identify and remediate the infection by removing the malware from the system.
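Because the delivery vector described above is an ISO disk image arriving by email, a mail-side check can flag such attachments by content as well as by extension. The following is an added example, not part of the original text: the function names, the choice of extensions, and the sample message are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

ISO9660_MAGIC = b"CD001"
# ISO 9660 volume descriptors start at sector 16 (2048-byte sectors);
# the magic sits one byte into each descriptor.
DESCRIPTOR_OFFSETS = (0x8001, 0x8801, 0x9001)
DISK_IMAGE_EXTS = (".iso", ".img")  # assumption: extensions worth flagging


def is_iso9660(data: bytes) -> bool:
    """True if the bytes carry an ISO 9660 volume descriptor signature."""
    return any(data[o:o + 5] == ISO9660_MAGIC for o in DESCRIPTOR_OFFSETS)


def find_disk_image_attachments(raw_message: bytes) -> list:
    """Return one finding per MIME leaf part that looks like a disk image."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_content = is_iso9660(payload)  # catches images with a renamed extension
        by_name = name.lower().endswith(DISK_IMAGE_EXTS)
        if by_content or by_name:
            findings.append({"filename": name, "iso_magic": by_content,
                             "iso_extension": by_name, "size": len(payload)})
    return findings


def build_sample() -> bytes:
    """Constructed message: a renamed ISO-like blob plus a benign text file."""
    fake_iso = bytes(0x8000) + b"\x01" + ISO9660_MAGIC + b"\x01" + bytes(2041)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(fake_iso, maintype="application",
                       subtype="octet-stream", filename="installer.bin")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in find_disk_image_attachments(build_sample()):
        print(finding)
```

The check covers ISO 9660 signatures only; images nested inside archives are outside what this sketch inspects.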