惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
博客园 - 聂微东
罗磊的独立博客
W
WeLiveSecurity
博客园_首页
Scott Helme
Scott Helme
V
Visual Studio Blog
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
L
Lohrmann on Cybersecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
About on SuperTechFans
F
Full Disclosure
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
博客园 - Franky
C
CXSECURITY Database RSS Feed - CXSecurity.com
F
Fortinet All Blogs
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
雷峰网
雷峰网
博客园 - 【当耐特】
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
Engineering at Meta
Engineering at Meta
aimingoo的专栏
aimingoo的专栏
MongoDB | Blog
MongoDB | Blog
J
Java Code Geeks
T
Tor Project blog
V
V2EX
爱范儿
爱范儿
C
Check Point Blog
T
Threatpost
Project Zero
Project Zero
量子位
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
I
Intezer
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

Consumer Insights

The ransomware negotiator who was working for the other side After years on the run, alleged Ryuk ransomware operator pleads guilty INTERPOL crackdown shows scammers shifting to social media Meta lets strangers remix your public Instagram photos with AI—here’s how to opt out Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud India pauses WhatsApp username feature over security concerns Alleged teen ransomware hustler faces US charges after arrest in Finland WhatsApp usernames explained: how to reserve yours and stay safe Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year WhatsApp tests new safety prompt before you chat with strangers Social media is worth celebrating. It's also worth protecting. Polish police dismantle SIM-swap gang accused of crypto theft Operation Endgame deals fresh blow to StealC and Amadey malware networks Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Cybercrime now rivals traditional crime across parts of Asia Apple's Hide My Email tweak leaves privacy fans fuming Americans lost $3.5 billion to imposter scams last year — and the scams are getting harder to spot Scammers have killed the physical Steam Gift cards Crypto investment scam sends couriers to collect victims' cash, FBI warns Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Why schools remain one of cybercriminals' favourite targets WhatsApp detects new spyware activity from Israel’s NSO Group despite court order Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Europol cracks down on illegal streaming globally Hackers didn't hack Instagram; they just asked Meta AI FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup Virtual knife, real lawsuit: Counter-Strike skin dispute ends in court As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss Carnival breach exposes data of nearly 6 million people Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached FBI warns criminals impersonating IT support to breach law firms FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Telecom Executives Plead Guilty to Tech Support Fraud 7-Eleven data breach exposes data of 185,000 people ASIC Warns Australians About Crypto Trading Scams Google Search AI Mode brings a major overhaul Deleted Google API keys may remain active for 23 minutes Ukrainian police identify perp in $721k infostealer scheme Steam removes horror game after malware steals player data FBI: Crypto ATM Scams Keep Growing as Americans Lose Millions FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Scam Centers Under Pressure as INTERPOL Makes More Arrests FBI Warns Older Adults Lost Billions to Scammers Burst Statistics WordPress flaw under attack Android 17 Will Let Users Verify Whether Their OS Is Legit Suspected Dream Market kingpin arrested after gold bars sent to his home address BitLocker zero-day exposes Windows drives as PoC goes public Apple Fixes ‘Persistent Notifications’ Flaw on Older iPhones Football Ticket Scams Are Rising Fast, Lloyds Bank Warns When ransomware gets physical: cybercriminals turn to threats of violence iPhone-to-Android Texts Are Now Encrypted (RCS Messaging) UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years Instagram Drops Encrypted DMs — What This Means for You New fear: Man films woman with smart glasses, seeks money to take video down Inside Department 4: Russia's secret school for hackers Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Chrome 4GB AI model: What weights.bin does Sri Lanka makes 37 arrests as it raids another scam centre DAEMON Tools Lite breach prompts urgent update after malware-laced installer Brits Lost £102 Million to Romance Scams Last Year The Online Safety Act Is Changing the Internet for Kids World Password Day 2026 How Hackers Stole and Sold Roblox Accounts for $250,000 Before Getting Caught Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition 276 Arrested in Crypto Scam Crackdown Popular WordPress redirect plugin found with years-old backdoor Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Alleged Silk Typhoon hacker extradited to the United States to face charges FTC: Social Media Scams Cost Americans $2.1 Billion in 2025 French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches iOS Flaw Exposed ‘Deleted’ Signal Messages Sony Starts Enforcing PlayStation Age Verification; UK and Ireland Are First Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers You’ve Got Mail and It’s Tracking Your Warship Crypto Investment Scam Costs Woman in Hong Kong Nearly $1 Million Operation PowerOFF warns 75,000 DDoS users Singer loses life savings to fake wallet downloaded from the Apple App Store AgingFly malware targets Ukraine government, hospitals 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data FBI: Cybercrime Losses Hit $21 Billion in 2025, Fueled by AI Life imprisonment for Cambodian scam compound operators - but will it make a difference? Fake Claude Code leak on GitHub spreads Vidar malware Apple Expands ‘DarkSword’ Patch to More iPhones and iPads Nigerian romance scammer jailed after being caught out by fellow fraudster Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns Fake CERT-UA emails spread AGEWHEEZE in ukraine Alleged RedLine malware developer extradited to United States The Scam That Tricks You Into Infecting Your Own Mac Iranian hackers breach FBI director's personal email, and post his CV and photos online Don't Ignore This Security Alert Apple Sent to iPhone Lock Screens Meta and YouTube Designed Addictive Platforms, Jury Finds TikTok Business phishing campaign targets advertisers Lapsus$ claims AstraZeneca breach exposes code and credentials How one man used 10,000 bots to steal $8,000,000 from music artists
ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia
Filip TRUȚĂ · 2026-05-08 · via Consumer Insights

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are warning that a spreading “ClickFix” campaign is a prime example.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an advisory about an ongoing malware campaign targeting Australian infrastructure and organizations through compromised WordPress websites. The attacks use fake CAPTCHA or Cloudflare verification prompts to trick users into infecting their own systems with Vidar Stealer malware.

Key takeaways

  • The ACSC is warning that threat actors are using compromised WordPress sites to distribute Vidar Stealer malware.
  • The campaign relies on the “ClickFix” social engineering technique, which tricks users into manually executing malicious commands.
  • Victims are shown fake Cloudflare or CAPTCHA verification pages that copy malware commands to the clipboard.
  • Vidar Stealer targets passwords, browser cookies, cryptocurrency wallets, and other sensitive information.
  • ClickFix campaigns are spreading rapidly because they bypass many traditional security controls by exploiting user trust instead of software vulnerabilities.

What is ClickFix?

ClickFix is a relatively new social engineering tactic that has gained traction among cybercriminals over the past two years. Instead of silently exploiting vulnerabilities, attackers persuade users to run malicious commands themselves.

Typically, victims encounter a fake verification page masquerading as a CAPTCHA, browser check, or Cloudflare protection screen. The page instructs users to copy and paste a command into Windows Run, PowerShell, or Terminal to “verify” they are human or resolve a supposed technical issue.

In the campaign flagged by the ACSC, attackers compromised legitimate Australian WordPress websites and injected them with malicious JavaScript. Once users visit the sites, they are redirected to fake verification prompts that deliver the malware chain.

Microsoft has warned that ClickFix attacks have become increasingly popular because they rely on “human intervention” rather than traditional malware delivery techniques, helping attackers evade some automated defenses.

Vidar Stealer remains a major threat

The payload delivered in this campaign is Vidar Stealer, a malware-as-a-service (MaaS) information stealer active since 2018.

Vidar is designed to harvest:

  • Saved browser credentials
  • Session cookies
  • Cryptocurrency wallet data
  • Autofill information
  • System details
  • Files from infected devices

The malware is especially dangerous because stolen browser session cookies sometimes let attackers bypass passwords and even multi-factor authentication sessions. Once collected, the data is typically sold on cybercrime marketplaces or used in follow-on attacks.

According to the ACSC, Vidar tries to reduce forensic traces by deleting its executable after launching and operating primarily in memory. The malware retrieves command-and-control infrastructure through “dead-drop” resolvers hosted on legitimate services such as Telegram bots and Steam profiles.

Compromised WordPress sites are fueling the campaign

Security researchers have observed a broader global trend involving the weaponization of compromised WordPress sites to deliver ClickFix malware.

Researchers said they identified more than 250 infected websites across at least 12 countries, including Australia, the United States, the United Kingdom, Germany, and Canada. Many of the sites belonged to legitimate businesses and organizations, increasing the credibility of the malicious prompts shown to visitors.

Attackers may be gaining access through stolen administrator credentials, exposed admin panels, vulnerable plugins, or weak password protections. The scale and automation of the campaign point to an organized criminal operation rather than opportunistic attackers.

Why these attacks work so well

ClickFix attacks exploit something security tools often struggle to detect: user behavior.

Instead of downloading a malicious attachment or exploiting a browser vulnerability, the victim willingly executes the malicious command. That makes the activity look more legitimate and can help attackers bypass security filters and endpoint protections.

The fake CAPTCHA and Cloudflare prompts also capitalize on familiarity. People encounter verification checks constantly online, making the malicious requests appear routine and trustworthy.

How to stay safe

Organizations and individuals should treat any website asking them to manually run commands on their systems as a major red flag.

Security experts recommend users:

  • Never copy and run commands from websites you don’t fully trust
  • Keep WordPress installations, plugins, and themes fully updated
  • Use strong, unique passwords and enable multi-factor authentication for admin accounts
  • Restrict PowerShell and scripting tools where possible
  • Train employees to recognize fake CAPTCHA and verification prompts
  • Use layered security solutions that can detect infostealers and suspicious behavior

Because info-stealing malware is designed to silently harvest credentials and session tokens, early detection is critical. A modern security solution with anti-phishing, web protection, and behavioral threat detection can help stop these attacks before sensitive data is compromised.

You may also want to read:

The Scam That Tricks You Into Infecting Your Own Mac

Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers

FBI: Cybercrime Losses Hit a Record $21 Billion Last Year, Fueled by AI