TLP:WHITE1 IOC

Vidar Malware Bypasses Chrome Encryption Using CryptUnprotectMemory

Cyber Press

Published June 20, 2026Original Report

Diamond Model

Adversary

Infrastructure

Capability(1)

Victim

ExecutionTA0002·T1055

1/6

Process Injection

ActionFork browser process

Vidar opens a handle to the Chrome process and creates a silent, threadless fork of the browser using NtCreateProcessEx.

Analysis unavailable

Type	Indicator	Confidence	Score	First Seen
SHA256	459daa809751e73f60fbbe4384a7d1653c36bb06945e4eb3635270924241100a file-hashintel-blogmalware	High	86	Jun 19, 26

IOC Relationship Graph1 total IOCs

SHA256

scroll to zoom · drag to pan · click IOC to open