Particle.news
Download on the App Store

Australia Warns of ClickFix Attacks Using Compromised WordPress to Push Vidar Stealer

The warning points to user‑driven command execution as a blind spot for many security tools.

Overview

  • ACSC, which issued an alert Thursday, says an active campaign targets Australian organizations across sectors using hacked WordPress sites as launchpads.
  • Victims see fake Cloudflare or CAPTCHA checks that tell them to copy a PowerShell command, and that manual step installs the Vidar info‑stealer.
  • Vidar focuses on Windows systems and steals browser passwords, cookies, crypto wallets, autofill data, and device details.
  • The malware deletes its file after launch and runs in memory, and it fetches its control address from public pages such as Telegram bots or Steam profiles.
  • The agency urges PowerShell restrictions and application allow‑listing, and it released indicators of compromise plus guidance to patch or remove risky WordPress themes and plugins.