HackerFeeds

CyberSecurity News

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

The Hacker News
· July 17, 2026

AI summary

ACR Stealer, an infostealer that has been in circulation since 2024, is stealing various sensitive data from enterprise networks, including browser passwords, session tokens, and Microsoft 365 documents. The malware is also accessing files from synced OneDrive and SharePoint folders. Initial access is gained when a user runs a command in the Run box. Microsoft's Defender Experts team has outlined two delivery chains used by the malware. The attack relies on social engineering tactics, specifically using ClickFix lures to trick users into executing the malicious command. The stolen data includes PDFs and other files stored in compromised accounts.

Read the full article at The Hacker Newsthehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.