Small and medium businesses are facing a sophisticated cyber threat as a malicious campaign leverages malvertising to distribute the dangerous Vidar infostealer. This financially motivated operation preys on organizations by enticing employees with offers of cracked or pirated software, delivering a potent combination of data theft and cryptomining capabilities. Security researchers have identified this campaign as particularly concerning due to its targeted approach and dual-payload functionality.

The attack begins when users searching for free or discounted software encounter malicious advertisements redirecting them to compromised websites. These sites host what appears to be legitimate software installers but actually contain the Vidar infostealer payload. Once executed, the malware conducts reconnaissance on the infected system, harvesting sensitive information including credentials, browser data, cryptocurrency wallets, and system information. What makes this campaign especially insidious is its secondary capability - after stealing valuable data, the malware also deploys cryptomining scripts that hijack system resources to generate cryptocurrency for the attackers.

Small and medium businesses represent the primary targets of this campaign, likely because they often have less robust security measures compared to enterprise organizations. The attackers have specifically designed their lures to appeal to cost-conscious employees who might be tempted to obtain software without proper licensing. This approach exploits both technical vulnerabilities and human psychology, creating a dangerous combination that bypasses many traditional security defenses.

For security teams, this campaign highlights several critical concerns. The dual