Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner

July 8, 2026

BonkDAO Attacker Moves $19M Loot Into New ‘BONK 2.0’ DAO

July 8, 2026

Citadel drops U.S. Portofino suit, seeks bankruptcy order against firm's founder in UK

July 8, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner
New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner
Security

New Malicious Campaign Delivers Vidar Stealer and Monero Crypto Miner

July 8, 2026No Comments2 Mins Read

A new cyber-attack targets consumers and small and medium businesses worldwide to both steal sensitive cryptocurrency data and mine Monero, a decentralized cryptocurrency focused on private, untraceable transactions.

The malicious campaign was first detected by Unit 42, the research arm of cybersecurity giant Palo Alto Networks, in April 2026.

Attackers first lure victims via malvertising to pages for downloading files that impersonate cracked versions of copyright-protected software including JustWatch GmbH, a legitimate German streaming guide service, and one that resembles the BleacherReport[.]com certificate.

JustWatch itself has not been compromised, noted the researchers in a report published on July 7.

These files are delivered via password-protected archives with a .bin extension in the filenames, a technique described by Unit 42 as a deliberate choice to bypass email gateway scanning and prevent automated sandbox detonation without the password.

The attackers also employed anti-analysis techniques such as process enumeration and an AMSI bypass where the AmsiScanBuffer function is patched to prevent detection by some types of security software.

The loader then drops and runs both the Vidar infostealer and the XMRig cryptocurrency miner.

Vidar siphons sensitive information from the victim’s environment, like browser credentials, cookies and crypto wallets. Meanwhile, XMRig mines Monero, utilizing the victim computer’s processor to solve complex mathematical problems to verify network transactions and secure the blockchain, an action rewarded with freshly minted Monero coins.

“The operator behind this campaign runs a dual-monetization scheme. Criminals sell credentials and session cookies stolen by Vidar stealer on criminal log markets, while XMRig provides passive income from hijacked victim CPU cycles,” explained the Unit 42 researchers.

See also  MoreLogin Tool Suspected in $85K+ Cryptocurrency Theft

Unit 42 found 99 samples of the loader, all showing evidence that the attackers used the Factory-v3 framework, a well-known malware-as-a-service (MaaS) builder used for different families of stealer malware.

This builder is assessed to be a separate upstream service used by at least two distinct known infostealer affiliates.

The researchers also discovered the attackers used Telegram for command-and-control (C2) communication. The tag ‘X3D MINER’ appeared in Telegram operator notifications sent for every new victim infection, a behavior that has been associated to a known threat group previously observed delivering XMRig and binding XMRig with other programs.

Source link

Campaign Crypto Delivers Malicious miner Monero Stealer Vidar

Related Posts

BonkDAO Attacker Moves $19M Loot Into New ‘BONK 2.0’ DAO

July 8, 2026

Ctrl Wallet Shuts Down in August, Urges Users to Export Recovery Phrases

July 8, 2026

Reserve Bank of India still favors crypto prohibition to curtail tax evasion: Reuters

July 8, 2026

Blockchain Hacks Cost $956 Million in First Half of 2024, Down 60% from Last Year

July 8, 2026
Top Posts

Strait of Hormuz in Focus as Global Crude Flows Face Disruption Threat

March 1, 2026

‘Just Allegations’: Menendez Refuses To Resign Amid Bribery Scandal

September 25, 2023

Latest bear market victim shows how quickly DeFi users are left behind when crypto projects move on

June 25, 2026

Type above and press Enter to search. Press Esc to cancel.