ACR Stealer is a malware-as-a-service threat that targets enterprise environments by stealing browser credentials, session tokens, and sensitive documents. The infection begins with a social engineering technique called ClickFix, which tricks users into pasting malicious commands into the Windows Run dialog or a terminal. Once executed, the malware targets Chromium-based browsers like Chrome and Edge to decrypt passwords and cookies using the Windows Data Protection API (DPAPI).
Source