ACSC ClickFix mitigation guidance for Vidar Stealer
Advisory/Mitigation
Summary
The ACSC issued mitigation guidance for an ongoing ClickFix campaign that is pushing Vidar Stealer through malicious PowerShell commands, increasing credential-theft risk for Australian organizations. Attackers are abusing compromised WordPress sites and fake Cloudflare/CAPTCHA prompts to make users execute the payload themselves. The advisory tells defenders to restrict PowerShell execution and use application allow-listing to reduce exposure.
Related Happenings
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
How related:
The ACSC has warned that a widespread campaign to distribute the malware combines compromised WordPress sites with ClickFix techniques.
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Snow malware suite deployment by UNC6692
Malware Activity
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 has deployed the **Snow** malware suite through **social engineering**, creating a stealthy path to **credential theft** and **domain compromise**. The operation uses **em...
2025 Rise in legitimate-access intrusions across enterprise sectors
Target Trend
First: 01.04.2026 17:05
Last: 01.04.2026 17:05
Sources 1
About this happening:
**Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Venom Stealer MaaS infostealer with persistent credential harvesting
Malware Activity
First: 31.03.2026 17:51
Last: 31.03.2026 17:51
Sources 1
About this happening:
The **Venom Stealer** infostealer now ships as **malware-as-a-service (MaaS)**, expanding access to a persistent credential-theft tool and raising risk for **Windows** users. It s...
Timeline
- 07.05.2026 21:00 · 2 articles
ACSC warns of ongoing ClickFix-driven Vidar Stealer campaign
Initial Disclosure
The Australian Cyber Security Centre (ACSC) warned that an ongoing ClickFix campaign is targeting Australian organizations and infrastructure entities by using compromised WordPress websites, fake Cloudflare verification or CAPTCHA prompts, and malicious PowerShell commands to deliver Vidar Stealer. The advisory also said the malware retrieves command-and-control details through dead-drop URLs that use services such as Telegram bots and Steam profiles, deletes its executable after launch, and can operate from system memory to reduce forensic artifacts. ACSC provided indicators of compromise and advised organizations to restrict PowerShell execution, implement application allow-listing, and have WordPress site administrators apply security updates for themes and add-ons and remove unused plugins.
Sources
- Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00