


















Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”.
The malicious page (Source: Jamf)
ClickFix is a social engineering technique that cons victims into running malicious commands on their own machine, usually by pretending the commands are needed to fix a problem or perform routine upkeep.
This technique was initially aimed at Windows users, but in time, macOS and Linux users also started getting targeted.
“The go-to approach for ClickFix [macOS] techniques has long been convincing users to copy and paste malicious commands into Terminal under the guise of troubleshooting or routine system maintenance. Apple took direct aim at this in macOS 26.4, introducing a security feature that scans commands pasted into Terminal before they’re executed,” Jamf researchers noted.
For that reason, attackers have switched to using a browser-triggered workflow to launch Script Editor, a code editor for the AppleScript and Javascript for Automation scripting languages. (Both Terminal and Script Editor are installed by default on macOS.)
From the victims’ point of view, the attack looks like this:
Atomic Stealer is a subscription product, sold to criminals who then deploy it however they like. It’s capable of collecting system information, stealing data stored in Keychain (Apple’s built-in password management system), autofill data, passwords, cookies, and credit card information from browsers, cryptocurrency wallets, and more.
Jamf researchers have shared indicators of compromise related to this malware delivery campaign.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。