Vidar 2.0 Infostealer Distributed Through Fake Game Cheats on GitHub and Reddit, Targeting Young Gamers
What Happened — A new version of the Vidar infostealer (Vidar 2.0) is being delivered via malicious repositories masquerading as game‑cheat tools on GitHub and Reddit. The malware harvests cryptocurrency wallets, login tokens, and personal files from infected systems, primarily targeting inexperienced gamers.
Why It Matters for TPRM —
- Public code‑hosting platforms can unintentionally become malware distribution vectors, exposing downstream vendors and their customers.
- Compromise of community or developer accounts enables attackers to inject malicious binaries into otherwise trusted projects.
- Exfiltrated crypto credentials and authentication tokens can cause direct financial loss and reputational damage for partner organizations.
Who Is Affected — Gaming communities, indie game developers, platform providers that host user‑generated content, and any downstream vendors that integrate third‑party cheat tools or SDKs.
Recommended Actions —
- Review any third‑party code or binaries sourced from public repositories before deployment.
- Enforce strict verification of open‑source dependencies and implement provenance checks (e.g., SBOM, hash verification).
- Monitor for anomalous credential usage and crypto‑wallet activity linked to vendor accounts.
- Engage with GitHub and Reddit to request takedown of malicious repositories and improve abuse‑reporting processes.
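As an added illustration of the hash-verification step in the provenance check above (this is example code written for this summary, not code from HackRead or from any project the article names; the manifest contents, file names and the tampered "helper.dll" are constructed), the script below pins a SHA-256 per artifact, checks a download directory against that manifest, and refuses deployment if anything is mismatched, missing or unlisted. Keeping the manifest under version control next to the SBOM gives reviewers a fixed reference to compare a freshly downloaded binary against, which is the kind of check that catches a repository whose release asset has been quietly swapped.

```python
"""Verify downloaded third-party artifacts against a pinned SHA-256 manifest.

Added example with a constructed manifest and constructed files; it is not
code from the article or from any named project.
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 16  # 64 KiB reads so large binaries need not fit in memory


def sha256_file(path):
    """Return the lowercase hex SHA-256 digest of the file at `path`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifacts(manifest, directory):
    """Compare every file in `directory` with `manifest` ({name: expected_hex}).

    Returns {name: status} where status is one of:
      'ok'          digest matches the pinned value
      'mismatch'    file present but digest differs (tampered or wrong build)
      'missing'     pinned artifact absent from the directory
      'unexpected'  file present that the manifest does not list
    """
    results = {}
    present = set(os.listdir(directory))
    for name, expected in manifest.items():
        if name not in present:
            results[name] = "missing"
            continue
        actual = sha256_file(os.path.join(directory, name))
        results[name] = "ok" if actual == expected.lower() else "mismatch"
    # Anything not in the manifest is treated as a finding, not ignored:
    # an extra executable dropped into a release bundle is a classic swap.
    for name in present - manifest.keys():
        results[name] = "unexpected"
    return results


def safe_to_deploy(results):
    """Deployment gate: proceed only when every entry is 'ok'."""
    return all(status == "ok" for status in results.values())


def demo():
    """Build a constructed download directory and check it against a constructed manifest."""
    good_zip = b"legit build contents"
    good_dll = b"legit helper contents"
    with tempfile.TemporaryDirectory() as d:
        files = {
            "tool-1.2.0.zip": good_zip,                 # matches the pin
            "helper.dll": good_dll + b" + injected",    # constructed tampered file
            "README.txt": b"extra file nobody pinned",  # not in manifest
        }
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = {
            "tool-1.2.0.zip": hashlib.sha256(good_zip).hexdigest(),
            "helper.dll": hashlib.sha256(good_dll).hexdigest(),
            "config.json": hashlib.sha256(b"{}").hexdigest(),  # pinned but not downloaded
        }
        results = verify_artifacts(manifest, d)
        return results, safe_to_deploy(results)


if __name__ == "__main__":
    res, ok = demo()
    for name, status in sorted(res.items()):
        print(f"{status:10} {name}")
    print("deploy:", ok)
```

Running the demo reports one `ok`, one `mismatch`, one `missing` and one `unexpected`, and the gate returns `False`; in a real pipeline the manifest would come from the vendor's signed release metadata or the organisation's own vetted copy rather than being computed in the same script.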
Technical Notes — The campaign uses social engineering to lure victims into downloading a zip file labeled as a “game cheat”. Once executed, Vidar 2.0 injects a loader that steals Chrome/Discord tokens, cryptocurrency wallet files (e.g., .wallet, .dat), and copies user documents. No specific CVE is referenced; the attack relies on user execution of malicious code. Source: HackRead