

Ethical Hacking News

Australia Sounds the Alarm: ClickFix Attacks Now Pushing Vidar Stealer Malware



Australia's cyber security center has issued a warning about an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware, targeting organizations and infrastructure entities across Australia.

  • ACSC warns of ongoing ClickFix malware campaign using social engineering tactics.
  • ClickFix technique tricks users into executing malicious commands through fake CAPTCHA prompts.
  • Vidar Stealer malware family targets sensitive data like browser passwords, cookies, and system details.
  • The ACSC recommends restricting PowerShell execution, implementing application allow-listing, and updating WordPress themes and plugins.



    Australia's cyber security center, the Australian Signals Directorate's (ASD) Australian Cyber Security Center (ACSC), has issued a warning to organizations and infrastructure entities across the country about an ongoing malware campaign that uses the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. The ACSC advisory, which was released on May 7, 2026, provides critical information for organizations to take necessary precautions against these attacks.

    The ClickFix attack technique is a sophisticated social engineering method that tricks users into executing malicious commands, usually through fake CAPTCHA or browser verification prompts displayed on compromised or malicious websites. The attackers use this tactic to bypass security controls and deliver malware, typically info-stealers, which target sensitive data such as browser passwords, cookies, cryptocurrency wallets, autofill information, and system details.

    The Vidar Stealer malware family has been observed in ClickFix attacks, promoted through Windows fixes, TikTok videos, and GitHub. The malware emerged in late 2018 and gradually became a popular choice among cybercriminals due to its cost-effectiveness, ease of deployment, and broad data theft capabilities. The developer recently released a new version with upgraded capabilities.

    The ACSC notes that Vidar Stealer deletes its executable after launching on the infected device and then operates from system memory, reducing forensic artifacts. It retrieves a command-and-control (C2) address via "dead-drop" URLs using public services like Telegram bots and Steam profiles, a tactic that has been widely used in the past but which remains effective.
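
A hunting check for the dead-drop behaviour described above, as an added example that is not taken from the ACSC advisory or the source article: it flags process-attributed web requests to Telegram or Steam made by a process that is not an expected client. The hostnames, the allow-list of client processes, the JSON field names and the sample records are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Hostnames assumed for the public services named above (Telegram, Steam).
DEAD_DROP_HOSTS = {"t.me", "telegram.me", "api.telegram.org", "steamcommunity.com"}
# Processes expected to reach those services; an assumption to tune per estate.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe",
                    "steam.exe", "steamwebhelper.exe", "telegram.exe"}


def is_dead_drop_host(hostname):
    """Exact or subdomain match, so 'nott.me' and 't.me.example' do not match."""
    host = (hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DEAD_DROP_HOSTS)


def find_suspect_lookups(lines):
    """Return events where an unexpected process contacts a dead-drop service."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
            url = urlsplit(event["url"])
            exe = event["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            service = url.hostname
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed records instead of aborting the hunt
        if is_dead_drop_host(service) and exe not in EXPECTED_CLIENTS:
            hits.append({"host": event.get("host"), "process": exe,
                         "service": service, "path": url.path})
    return hits


# Constructed sample telemetry (hypothetical field names; not advisory IoCs).
SAMPLE = [
    r'{"host":"WS-014","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","url":"https://steamcommunity.com/profiles/EXAMPLE"}',
    r'{"host":"WS-014","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","url":"https://t.me/EXAMPLE_CHANNEL"}',
    r'{"host":"WS-022","image":"C:\\Users\\a\\AppData\\Local\\Temp\\upd.exe","url":"https://steamcommunity.com/profiles/EXAMPLE"}',
    r'{"host":"WS-031","image":"C:\\Windows\\System32\\svchost.exe","url":"https://nott.me/x"}',
    "truncated-record",
]

if __name__ == "__main__":
    for hit in find_suspect_lookups(SAMPLE):
        print(hit)
```

Matching on the executable name alone can be defeated by renaming a binary, so in production telemetry pair it with the image path or code-signing information.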

    To mitigate the risk of these attacks, the ACSC recommends several measures for organizations:

    1. Restricting PowerShell execution to reduce the risk from these attacks.
    2. Implementing application allow-listing to block malicious applications and limit the attack surface.

    WordPress site administrators are also advised to apply available security updates for themes and add-ons, and to remove any unused themes/plugins from their platforms.

    In addition to these measures, the ACSC provides indicators of compromise (IoCs) for these attacks, allowing organizations to set up defenses or detect intrusions. With this critical information, organizations can take proactive steps to protect themselves against the ongoing ClickFix attacks pushing Vidar Stealer malware.







    Related Information:
  • https://www.ethicalhackingnews.com/articles/Australia-Sound-the-Alarm-ClickFix-Attacks-Now-Pushing-Vidar-Stealer-Malware-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/australia-warns-of-clickfix-attacks-pushing-vidar-stealer-malware/


  • Published: Thu May 7 13:07:06 2026 by llama3.2 3B Q4_K_M












