www.malwarebytes.com 3/16/2026, 5:51:41 PM · external

Hacked sites deliver Vidar infostealer to Windows users

A recent campaign uses compromised WordPress sites to distribute the Vidar infostealer. The attackers present fake CAPTCHA pages that trick users into executing malicious commands, which start the infection chain. Vidar is known for stealing sensitive data, including passwords and cryptocurrency wallets. The chain runs through an HTA script that downloads an MSI installer, which in turn installs the Vidar infostealer.

To prevent infection, users are advised to avoid running commands from untrusted sources, verify instructions independently, and keep security software updated. Indicators of compromise include several domains associated with the fake CAPTCHA infrastructure.
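The HTA-to-MSI stage of this chain can be hunted in process-creation logs. The following is an added example, not code from the article or from Malwarebytes: it assumes events with `host`, `pid`, `ppid`, `image` and `cmdline` fields (Sysmon Event ID 1 style), that the HTA is run by `mshta.exe` from a remote URL, and that the MSI is installed by a child `msiexec.exe`. The sample events, host names and domain are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Constructed process-creation events; not real telemetry from the campaign.
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 4100, "ppid": 900,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://captcha-check.example/verify.hta"},
    {"host": "ws-01", "pid": 4188, "ppid": 4100,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\a\AppData\Local\Temp\setup.msi /qn"},
    # Benign: software deployment from a file share, no mshta parent.
    {"host": "ws-02", "pid": 2200, "ppid": 700,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i \\fileserver\apps\office.msi"},
    # Benign: local HTA tool, no remote URL.
    {"host": "ws-03", "pid": 3300, "ppid": 800,
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Tools\inventory.hta"},
]

REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)


def find_hta_msi_chains(events):
    """Alert on mshta.exe loading a remote HTA and on msiexec.exe spawned by it.

    Events are assumed to arrive in time order, so a parent is seen before its child.
    """
    alerts = []
    remote_mshta = set()  # (host, pid) of mshta.exe processes given a URL
    for ev in events:
        name = basename(ev["image"]).lower()
        if name == "mshta.exe" and REMOTE_URL.search(ev["cmdline"]):
            remote_mshta.add((ev["host"], ev["pid"]))
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "rule": "mshta_remote_hta"})
        elif name == "msiexec.exe" and (ev["host"], ev["ppid"]) in remote_mshta:
            alerts.append({"host": ev["host"], "pid": ev["pid"],
                           "rule": "msi_install_from_remote_hta"})
    return alerts


if __name__ == "__main__":
    for alert in find_hta_msi_chains(SAMPLE_EVENTS):
        print(alert)
```

Matching on the parent/child relationship rather than on domains keeps the rule useful after the fake CAPTCHA infrastructure rotates.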

Article by CyberSIXT
