#6
The Hacker News
general
July 17, 2026 at 08:56 UTC
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
By [email protected] (The Hacker News)
AI Summary
ACR Stealer, an infostealer active since 2024, is being delivered via ClickFix lures that trick users into pasting malicious commands into the Windows Run dialog. Microsoft's Defender Experts team documented two delivery chains showing the malware exfiltrating saved browser passwords, live session tokens, PDFs, and Microsoft 365 documents including files synced from OneDrive and SharePoint.
Relevance score: 79.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →