ACRStealer is a malware family tracked across 2 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed March 16, 2026; most recent activity May 26, 2026.
In May 2026, TrendAI™ Research reported on a cyber intrusion involving the ClearFake campaign, where threat actors utilized the EtherHiding technique to deliver payloads via smart contracts on the BNB Smart Chain…
A newly identified variant of ACRStealer is actively being deployed by HijackLoader, utilizing advanced techniques to evade detection and maximize data theft. This variant employs low-level syscall evasion, AFD-based…