ClickFix social engineering campaigns distributing Vidar Stealer malware via compromised WordPress sites
Summary
An active malware campaign leveraging the ClickFix social engineering technique is targeting Australian organizations and infrastructure entities through compromised WordPress websites. The attack redirects users to malicious payloads via WordPress-hosted infrastructure and displays fake Cloudflare verification or CAPTCHA prompts instructing victims to manually execute malicious PowerShell commands. This results in the delivery and execution of Vidar Stealer, an information-stealing malware family operating as malware-as-a-service (MaaS). The campaign abuses legitimate-looking prompts to bypass security controls, with Vidar Stealer designed to operate from system memory for evasion and persistence, targeting sensitive data including browser credentials, cryptocurrency wallets, and system metadata.
Timeline
- 07.05.2026 21:00 · 1 article
ClickFix campaigns exploiting WordPress sites to deliver Vidar Stealer malware observed targeting Australian infrastructure
ClickFix social engineering campaigns are being used to deliver Vidar Stealer info-stealing malware via compromised WordPress websites. Users are redirected from legitimate-looking pages to malicious payloads and prompted to manually execute PowerShell commands to bypass security controls and initiate Vidar Stealer infections.
- Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
Information Snippets
- The Australian Cyber Security Centre (ACSC) has observed ClickFix-associated activity leveraging compromised WordPress sites to distribute Vidar Stealer malware.
  First reported: 07.05.2026 21:00 · 1 source, 1 article
  - Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
- ClickFix attacks trick users into manually executing PowerShell commands via fake CAPTCHA or browser verification prompts on compromised websites.
  First reported: 07.05.2026 21:00 · 1 source, 1 article
  - Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
- Vidar Stealer is an information-stealing malware family operating as malware-as-a-service (MaaS) since late 2018, known for targeting browser data, cryptocurrency wallets, autofill information, and system details.
  First reported: 07.05.2026 21:00 · 1 source, 1 article
  - Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
- Vidar Stealer deletes its executable after launch and operates from system memory to reduce forensic artifacts, with command-and-control (C2) addresses retrieved via "dead-drop" URLs hosted on public services such as Telegram bots and Steam profiles.
  First reported: 07.05.2026 21:00 · 1 source, 1 article
  - Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
- ACSC recommends organizations restrict PowerShell execution, implement application allow-listing, and apply security updates to WordPress themes and plugins to mitigate risks.
  First reported: 07.05.2026 21:00 · 1 source, 1 article
  - Australia warns of ClickFix attacks pushing Vidar Stealer malware — www.bleepingcomputer.com — 07.05.2026 21:00
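
A hunting sketch for the dead-drop behaviour noted in the snippets above, added here as an example and not taken from the ACSC advisory or the cited article: it flags DNS lookups for Telegram and Steam services made by processes that are not expected clients. The domain list, the allow-list of clients, the directory list and the sample events (modelled on Sysmon Event ID 22 fields) are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# Services the page names as dead-drop hosts; the exact domains are assumptions.
DEAD_DROP_DOMAINS = ("t.me", "telegram.org", "steamcommunity.com")
# Programs expected to contact those services (assumption; tune per environment).
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "steam.exe", "telegram.exe"}
# User-writable locations an expected client should not be running from (assumption).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")

def is_dead_drop_domain(query):
    """True when query is a listed domain or a subdomain of one (label-boundary match)."""
    name = query.strip().rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in DEAD_DROP_DOMAINS)

def is_expected_client(image):
    """Allow by file name, but not when the binary runs from a user-writable directory."""
    path = image.lower()
    if any(d in path for d in SUSPECT_DIRS):
        return False
    return ntpath.basename(path) in EXPECTED_CLIENTS

def find_dead_drop_lookups(events):
    """Count dead-drop service lookups per (host, image) made by unexpected processes."""
    hits = Counter()
    for ev in events:
        if is_dead_drop_domain(ev["query"]) and not is_expected_client(ev["image"]):
            hits[(ev["host"], ev["image"])] += 1
    return dict(hits)

# Constructed sample events; host names, paths and queries are illustrative only.
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "query": "steamcommunity.com"},
    {"host": "WS-014", "image": POWERSHELL, "query": "t.me."},
    {"host": "WS-014", "image": POWERSHELL, "query": "Steamcommunity.com"},
    {"host": "WS-022", "image": r"C:\Users\amy\AppData\Local\Temp\chrome.exe",
     "query": "api.telegram.org"},
    {"host": "WS-022", "image": r"C:\Windows\System32\svchost.exe",
     "query": "internal-format.me"},
]

if __name__ == "__main__":
    for (host, image), count in find_dead_drop_lookups(SAMPLE_EVENTS).items():
        print(f"{host}: {image} made {count} dead-drop service lookup(s)")
```

Hits are leads for triage rather than verdicts, since legitimate tools outside the allow-list also contact these services.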