importantSYS.SOURCE: The Hacker News• 2026-07-17T14:26:39+05:30
ACR Stealer Exploits ClickFix Lures to Extract Browser Tokens and Microsoft 365 Data
ACR Stealer uses ClickFix lures to deliver fileless malware that steals browser tokens and Microsoft 365 files through user-initiated Run dialog commands. The attack employs memory-resident execution and blockchain-based C2 communication without exploiting vulnerabilities.
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders.
It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the
*** END OF TRANSMISSION ***