Threats Tagged 'acr stealer'
View all threats tagged with 'acr stealer'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'acr stealer'
Click on any threat for detailed analysis and mitigation recommendations
ACR Stealer: Two observed intrusion chains amid increased threat activity 0 Between late April and mid-June 2026, Microsoft observed increased activity of ACR Stealer malware targeting enterprise environments via ClickFix social engineering lures. The malware, linked to Amatera Stealer rebranding and offered as malware-as-a-service, was deployed through two distinct campaigns: one using WebDAV-delivered Python loaders with blockchain-based command-and-control, and another using fileless techniques with MSHTA and steganography-concealed payloads. The campaigns harvested browser credentials, authentication tokens, and sensitive documents, employing obfuscated PowerShell scripts, scheduled tasks, and in-memory execution to evade detection. Notable tactics included masquerading as legitimate software updates and leveraging Windows DPAPI for credential decryption. Join the discussion | AlienVault OTX General | 07/17/2026, 01:19:38 UTC Added: 07/18/2026, 08:55:18 UTC |
Showing 1 to 1 of 1 result