A financially motivated campaign distributing Vidar stealer and XMRig cryptocurrency miner through malvertising, targeting users seeking pirated software. Attackers use password-protected .bin archives and Authenticode-signed loader binaries to bypass security measures. The loader employs the Factory-v3 framework, generating unique binaries per build to evade hash-based detection.