Cyber Warfare · Today's Signal

Microsoft warns of surge in ACR Stealer attacks on customers

Published 2026-07-18 · SAL Cyber Command Intelligence Network
Microsoft warns of surge in ACR Stealer attacks on customers

Microsoft has warned its customers of a spike in ACR Stealer infections, an infostealer malware family being used to harvest credentials, cookies, and stored payment data from infected machines. The alert comes directly from Microsoft, meaning this isn't a third-party researcher flagging a trend — it's the vendor telling its own installed base they're actively being targeted. Infostealers like ACR are the quiet workhorse of modern intrusion: they don't ransom anything, they don't announce themselves, they just sit on an endpoint and exfiltrate whatever session tokens, saved browser passwords, and autofill data they can find. That harvested data then gets sold or handed off to a second-stage actor — a ransomware crew, a business-email-compromise operator, an initial access broker — who does the actual damage weeks later using credentials that look completely legitimate because they are. The pattern with stealer surges is almost always the same: a spike in stealer telemetry today predicts a spike in

Sources: BLEEPINGCOMPUTER
SAL SENTRY — your private AI security operations center.24/7 watch on network, cloud, endpoints, and email. Flat $999/mo. Live in 48 hours.