Find notable cyber news and cases, enriched with sources, timelines, and signals.

Vidar Stealer ClickFix campaign targeting multiple sectors

Campaign
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

The Vidar Stealer campaign is using ClickFix social engineering and compromised WordPress sites to deliver password-stealing malware, widening risk for infrastructure and organizations across multiple sectors. The operation lures victims with fake CAPTCHA prompts that push them to run malicious commands or download payloads. Once delivered, Vidar Stealer targets Microsoft Windows systems and steals credentials and other sensitive data while trying to evade detection.

Related Happenings

REF6045 ClickFix banking fraud campaign targeting Mexican financial users

Campaign
H score36 First: 08.07.2026 15:52 Last: 08.07.2026 15:52 Sources 1

About this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...

StealC and Amadey infostealer infrastructure disruption

Malware Activity
H score69 First: 24.06.2026 18:25 Last: 24.06.2026 18:25 Sources 1

About this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...

Amadey and StealC shared-infrastructure malware activity

Malware Activity
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...

Windows cryptocurrency clipper campaign targeting users via USB LNK worms

Campaign
H score32 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows cryptocurrency clipper campaign** is actively targeting users since **February 2026**, putting clipboard data, wallet addresses, and seed phrases at risk. The operatio...

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

Timeline

  1. 07.05.2026 03:00 2 articles · 2mo ago

    ACSC warns of ClickFix-delivered Vidar Stealer campaign

    Initial Disclosure

    The Australian Cyber Security Centre warned on May 7, 2026 that a ClickFix-based campaign was delivering Vidar Stealer to infrastructure and organizations across multiple sectors through compromised WordPress sites and fake CAPTCHA prompts; the malware targets Microsoft Windows users, steals usernames, passwords, credit card data, cryptocurrency wallets, browser history, and MFA tokens, and uses self-deletion and memory-based operation to hinder detection.

    Show sources