Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
Summary
The Vidar Stealer campaign is using ClickFix social engineering and compromised WordPress sites to deliver password-stealing malware, widening risk for infrastructure and organizations across multiple sectors. The operation lures victims with fake CAPTCHA prompts that push them to run malicious commands or download payloads. Once delivered, Vidar Stealer targets Microsoft Windows systems and steals credentials and other sensitive data while trying to evade detection.
Related Happenings
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
Campaign
First: 22.05.2026 14:30
Last: 22.05.2026 14:30
Sources 1
About this happening:
**Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Fox Tempest's malware-signing service scales trusted-signed malware for ransomware gangs
Threat Actor Meta
First: 20.05.2026 00:47
Last: 20.05.2026 00:47
Sources 1
About this happening:
Microsoft disrupted **Fox Tempest**'s **malware-signing service** in **May 2026**, cutting off a criminal platform that helped ransomware gangs and other cybercriminals obtain tru...
ACSC ClickFix mitigation guidance for Vidar Stealer
Advisory/Mitigation
First: 07.05.2026 21:00
Last: 07.05.2026 21:00
Sources 1
How related:
The ACSC recommends that organizations follow guidance issued in the alert to counter the threat of Vidar Stealer and other malware campaigns distributed by ClickFix attacks.
About this happening:
The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Snow malware suite deployment by UNC6692
Malware Activity
First: 25.04.2026 18:07
Last: 25.04.2026 18:07
Sources 1
About this happening:
UNC6692 has deployed the **Snow** malware suite through **social engineering**, creating a stealthy path to **credential theft** and **domain compromise**. The operation uses **em...
Timeline
07.05.2026 03:00 2 articles · 20d ago
ACSC warns of ClickFix-delivered Vidar Stealer campaign
Initial Disclosure
The Australian Cyber Security Centre warned on May 7, 2026 that a ClickFix-based campaign was delivering Vidar Stealer to infrastructure and organizations across multiple sectors through compromised WordPress sites and fake CAPTCHA prompts. The malware targets Microsoft Windows users, steals usernames, passwords, credit card data, cryptocurrency wallets, browser history, and MFA tokens, and uses self-deletion and memory-based operation to hinder detection.
Sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00