Bleeping Computer reports that the Australian Cyber Security Center (ACSC) has issued a warning to organizations about an ongoing campaign that utilizes the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware.

The ClickFix technique tricks users into executing malicious PowerShell commands, often through fake CAPTCHA or browser verification prompts on compromised websites, particularly those hosted on WordPress. These prompts instruct users to manually execute commands that bypass security controls and deliver malware. Vidar Stealer, an information-stealing malware that emerged in late 2018, targets sensitive data such as passwords, cryptocurrency wallets, and system details. It operates from memory after execution, leaving minimal forensic artifacts. The malware retrieves command-and-control addresses through "dead-drop" URLs on public services like Telegram bots and Steam profiles.

The ACSC recommends restricting PowerShell execution, implementing application allow-listing, and ensuring WordPress sites are updated with the latest security patches for themes and plugins to mitigate these threats.

Source: Bleeping Computer




