ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders.

It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Read on The Hacker News Source: The Hacker News