Australia warns of ClickFix attacks pushing Vidar Stealer malware

📅 7 May 2026 at 18:00 UTC📰 Bleeping ComputerView original source ↗

The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Australian organizations are being targeted by a ClickFix social engineering campaign distributing the Vidar Stealer malware, which steals browser passwords, cookies, and system details.

⚙️Technical Details

Affected Systems

WordPress websites

Attack Vectors

Compromised or malicious websites displaying fake Cloudflare verification or CAPTCHA promptsMalicious PowerShell commands executed by users

💥Impact Assessment

Severity: critical

Who Is at Risk

Australian organizations and infrastructure entities

🛡️Recommended Actions

1Restrict PowerShell execution

2Implement application allow-listing to reduce the risk from these attacks

3Apply available security updates for themes and add-ons, and remove unused themes/plugins

📦Affected Products

WordPress

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed