VMTech
+381 11 4183 54024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

ACR Stealer attacks via ClickFix: steals tokens, Microsoft 365 documents and OneDrive files

ACR Stealer attacks via ClickFix: steals tokens, Microsoft 365 documents and OneDrive files

Colleagues, I’d like to draw your attention to a cybersecurity development.

ACR Stealer is being delivered through ClickFix-style prompts: all it takes is pasting a command into Run and pressing Enter.

From there, attackers can harvest saved browser passwords, live session tokens, PDFs and Microsoft 365 documents, as well as files from OneDrive and SharePoint.

The attack chains involve mshta.exe, WebDAV, PowerShell and Python, while part of the malicious activity runs in memory, leaving little visible trace on disk.

Why it matters: there is no CVE here, so protection depends not on patching, but on controlling user actions and restricting the launch of risky utilities.

How do you protect users from paste-and-run attacks?

#cybersecurity #infostealer #Microsoft365 #SOC

Current metrics
0Views
0Reach
0Likes
0Comments
0Saved
0Shares

Latest comments

No comments yet.

Instagram

ACR Stealer attacks via ClickFix: steals tokens, Microsoft 365 documents and OneDrive files

Open the post on Instagram ↗