Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

Australian organizations warned of Vidar Stealer malware campaign using ClickFix technique

The ACSC warns of an active campaign using the ClickFix social engineering technique to distribute Vidar Stealer malware, where users are tricked into executing malicious PowerShell commands via fake CAPTCHA prompts on compromised WordPress sites. The malware operates in-memory to steal credentials and cryptocurrency data, retrieving C2 addresses from public dead-drop services. Mitigation recommendations include restricting PowerShell execution, implementing application allow-listing, and ensuring WordPress sites and plugins are fully updated.

May 8, 2026
By SC Staff

Bleeping Computer reports that the Australian Cyber Security Center (ACSC) has issued a warning to organizations about an ongoing campaign that utilizes the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware.

The ClickFix technique tricks users into executing malicious PowerShell commands, often through fake CAPTCHA or browser verification prompts on compromised websites, particularly those hosted on WordPress. These prompts instruct users to manually execute commands that bypass security controls and deliver malware.

Vidar Stealer, an information-stealing malware that emerged in late 2018, targets sensitive data such as passwords, cryptocurrency wallets, and system details. It operates from memory after execution, leaving minimal forensic artifacts. The malware retrieves command-and-control addresses through "dead-drop" URLs on public services like Telegram bots and Steam profiles.

The ACSC recommends restricting PowerShell execution, implementing application allow-listing, and ensuring WordPress sites are updated with the latest security patches for themes and plugins to mitigate these threats.

Source: Bleeping Computer
