The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published an advisory warning of an infostealer campaign targeting Australian websites.
The ACSC said it has observed, “ClickFix associated activity leveraging WordPress-hosted infrastructure to distribute the Vidar Stealer malware”.
“This activity is targeting Australian infrastructure and organisations across multiple sectors,” the ACSC said in a 7 May advisory.
“The campaign uses compromised WordPress websites to redirect victims to malware delivery mechanisms.”
What is ClickFix
ClickFix is a social engineering technique first observed in 2024 and popular for a range of cyber criminal activities, from spreading malware to harvesting credentials.
The technique takes advantage of fake CAPTCHA puzzles to convince users to undertake a malicious action, such as running a command or script. It’s a popular technique, as the user-driven activity can often bypass some security measures.
“Since early 2026, ASD’s ACSC has become aware of a number of attacks targeting Australian networks, using websites belonging to legitimate Australian businesses as a part of the ClickFix attack vector,” the ACSC said.
In this instance, the ClickFix technique is being used to deliver the Vidar Stealer infostealer, a malware capable of harvesting credentials, crypto-wallet details, and browser data. The initial compromise of this data is often used for further malicious activity.
Vidar Stealer is capable of several evasion techniques to maintain persistence on a device, and, once installed, communicates regularly with its associated command-and-control infrastructure.
For more information on how to mitigate the issue, you can read the ASD’s ACSC advisory here.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.