Microsoft has detected a significant increase in ACR Stealer malware attacks targeting its enterprise customers. The malware steals browser-stored passwords, authentication tokens, and sensitive documents.
Microsoft security researchers identified a rising wave of ACR Stealer infections across its customer base. The malware operates by extracting credentials and authentication data stored in web browsers, creating a direct pathway to compromised accounts and sensitive corporate information.
ACR Stealer targets data commonly cached by browsers, including login credentials, session tokens, and cached authentication certificates. Once obtained, attackers can impersonate legitimate users and access protected systems and files without triggering standard security alerts.
The malware also harvests local documents from infected systems, enabling theft of confidential business files, intellectual property, and strategic information. This dual-pronged approach makes ACR Stealer particularly dangerous for organizations handling sensitive data.
Microsoft has not disclosed specific attack vectors or infection methods in its initial warning, but the surge suggests either improved distribution mechanisms or increased attacker interest in enterprise targets. The company recommends customers implement standard malware prevention measures, including endpoint detection and response (EDR) tools and browser security extensions that monitor for credential theft.
Enterprise customers are advised to reset credentials on compromised systems and audit access logs for unauthorized activity. Multi-factor authentication remains critical for limiting damage even if passwords are stolen.
The warning adds to growing concerns about password-stealing malware families targeting corporate networks. Similar threats have prompted renewed emphasis on credential security practices and zero-trust architecture principles across the industry.
Microsoft continues monitoring ACR Stealer activity and has committed to sharing additional technical details with customers and security partners as the investigation develops.
Over 100 organizations have criticized UK Home Office plans to deploy AI facial recognition technology to assess the age of young asylum seekers, citing risks of misidentification that could result in children being placed in adult detention facilities.
LG monitors are automatically installing software through Windows Update without explicit user consent, raising concerns about transparency and system autonomy. The discovery has sparked debate among users about hardware manufacturer practices.
Popular menstrual cycle tracking apps are collecting intimate health data and sharing it with third parties, according to privacy analysis. The practice raises concerns about reproductive health information ending up in corporate databases.
A cybercrime crew claims to have breached MyPillow, the bedding company owned by Mike Lindell. The group has not yet disclosed details about the scope of the breach or what data was accessed.