RST TI Report Digest: 28 Apr 2026
ID: cd879a30-ced1-5e9e-b5b4-29af592b68df
STIX ID: report--cd879a30-ced1-5e9e-b5b4-29af592b68df
Feed Name: RST Cloud Blog
This report details the rise of the Vidar infostealer, now reportedly the top infostealer in the Russian market since November 2025. It highlights the October 2025 Vidar 2.0 release; distribution via spearphishing, drive-by downloads and disguised software; components such as NeoHub.exe and msedge_elf.dll; and the use of dead-drop resolvers on Steam and Telegram for C2/exfiltration. It also provides extensive IOCs (IPs, domains, URLs, file hashes and malicious browser extensions) to aid detection and remediation.
