The Australian Cyber Security Center (ACSC) is warning that Australian organizations are being targeted in a ClickFix campaign that uses fake verification prompts on compromised WordPress sites to deliver Vidar Stealer. The malware steals browser data, wallets, and system details while hiding its activity by deleting its executable and using memory-only execution.
Key points
- ACSC detected an ongoing ClickFix campaign targeting Australian organizations and infrastructure entities.
- Attackers use compromised WordPress websites to show fake CAPTCHA or Cloudflare verification prompts.
- Victims are tricked into running malicious PowerShell commands that install Vidar Stealer.
- Vidar Stealer steals browser passwords, cookies, cryptocurrency wallets, autofill data, and system details.
- ACSC advises restricting PowerShell, using application allow-listing, and patching WordPress themes and plugins.