Widespread Vidar Stealer campaign exploiting ClickFix social engineering technique detected across Australian infrastructure

First reported

08.05.2026 14:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A malicious campaign leveraging the ClickFix social engineering technique has been identified by the Australian Cyber Security Centre (ACSC) targeting multiple sectors. The campaign distributes Vidar Stealer malware, primarily targeting Microsoft Windows users to exfiltrate sensitive data such as credentials, financial information, cryptocurrency wallets, and browser artifacts. Compromised WordPress sites redirect victims to malicious pages that exploit fake CAPTCHA prompts to trick users into executing malicious commands, bypassing traditional security controls. The ACSC assessment indicates this is a sustained, multi-vector intrusion campaign with active operations since at least May 7, 2026.

Timeline

08.05.2026 14:00 1 articles · 14h ago

ClickFix-based Vidar Stealer campaign detected across Australian infrastructure
A malicious campaign distributing Vidar Stealer malware via compromised WordPress sites and ClickFix social engineering was detected beginning May 7, 2026. The campaign leverages fake CAPTCHA prompts to trick users into executing malicious commands, enabling the malware to evade automated defenses through in-memory persistence and self-deletion of initial executables.
Show sources

Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00
Open in new tab

Information Snippets

Vidar Stealer is an infostealer active since 2018, designed to harvest credentials, financial data, cryptocurrency wallets, browser history, and MFA tokens from Windows systems.
First reported: 08.05.2026 14:00

1 source, 1 article
Show sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00
The campaign combines compromised WordPress sites with ClickFix social engineering to deliver Vidar Stealer payloads.
First reported: 08.05.2026 14:00

1 source, 1 article
Show sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00
ClickFix technique uses fake CAPTCHA prompts to coerce victims into manually executing malicious commands or scripts, bypassing automated detection mechanisms.
First reported: 08.05.2026 14:00

1 source, 1 article
Show sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00
Vidar Stealer employs in-memory persistence and self-deletion of initial executables to evade detection and removal.
First reported: 08.05.2026 14:00

1 source, 1 article
Show sources
- Australian Cyber Security Centre Issues Alert Over ClickFix Attacks — www.infosecurity-magazine.com — 08.05.2026 14:00

Summary

Timeline

ClickFix-based Vidar Stealer campaign detected across Australian infrastructure

Information Snippets