Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
Summary
Hide ▲
Show ▼
The Vidar Stealer campaign is using ClickFix social engineering and compromised WordPress sites to deliver password-stealing malware, widening risk for infrastructure and organizations across multiple sectors. The operation lures victims with fake CAPTCHA prompts that push them to run malicious commands or download payloads. Once delivered, Vidar Stealer targets Microsoft Windows systems and steals credentials and other sensitive data while trying to evade detection.
Related Happenings
REF6045 ClickFix banking fraud campaign targeting Mexican financial users
Campaign
H score36
First: 08.07.2026 15:52
Last: 08.07.2026 15:52
Sources 1
About this happening:
The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...
REF6045 ClickFix banking fraud campaign targeting Mexican financial users
CampaignAbout this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...
StealC and Amadey infostealer infrastructure disruption
Malware Activity
H score69
First: 24.06.2026 18:25
Last: 24.06.2026 18:25
Sources 1
About this happening:
**StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
StealC and Amadey infostealer infrastructure disruption
Malware ActivityAbout this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
Amadey and StealC shared-infrastructure malware activity
Malware Activity
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...
Amadey and StealC shared-infrastructure malware activity
Malware ActivityAbout this happening: The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
Campaign
H score32
First: 18.06.2026 17:30
Last: 18.06.2026 17:30
Sources 1
About this happening:
A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Windows cryptocurrency clipper campaign targeting users via USB LNK worms
CampaignAbout this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...
Ghost Networks crypto-clipper promotion campaign
Campaign
H score15
First: 17.06.2026 21:14
Last: 17.06.2026 21:14
Sources 1
About this happening:
**Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...
Ghost Networks crypto-clipper promotion campaign
CampaignAbout this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...
Timeline
-
07.05.2026 03:00 2 articles · 2mo ago
ACSC warns of ClickFix-delivered Vidar Stealer campaign
Initial DisclosureThe Australian Cyber Security Centre warned on May 7, 2026 that a ClickFix-based campaign was delivering Vidar Stealer to infrastructure and organizations across multiple sectors through compromised WordPress sites and fake CAPTCHA prompts; the malware targets Microsoft Windows users, steals usernames, passwords, credit card data, cryptocurrency wallets, browser history, and MFA tokens, and uses self-deletion and memory-based operation to hinder detection.
Show sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00