Overview
- ACSC, which issued an alert Thursday, says an active campaign targets Australian organizations across sectors using hacked WordPress sites as launchpads.
- Victims see fake Cloudflare or CAPTCHA checks that tell them to copy a PowerShell command, and that manual step installs the Vidar info‑stealer.
- Vidar focuses on Windows systems and steals browser passwords, cookies, crypto wallets, autofill data, and device details.
- The malware deletes its file after launch and runs in memory, and it fetches its control address from public pages such as Telegram bots or Steam profiles.
- The agency urges PowerShell restrictions and application allow‑listing, and it released indicators of compromise plus guidance to patch or remove risky WordPress themes and plugins.