What Happened
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into a Run box and pressed Enter. Microsoft laid out two of the delivery chains on Thursday. Its Defender Experts team, the
Why It Matters
The report says ACR Stealer is being delivered through ClickFix-style social engineering, where a user pastes a command into the Windows Run dialog and malware is launched. Microsoft says the campaigns steal browser credentials, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders.[1][2] RealGround analysis: the main security issue is data leakage through credential and document theft, which can also enable follow-on account compromise and cloud access if exposed tokens are not revoked.[1]
RealGround Analysis
This signal maps to data leakage. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/07/acr-stealer-uses-clickfix-lures-to.html
