Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

================================================================================
Files
================================================================================
Dropper Payloads
Parent Archives
================================================================================
URLs
================================================================================
C&C servers
Distribution URLs