ADVERTISEMENT

MacOS users, beware: newly discovered stealthy stealer requires no exploits

The stealer focuses on Europe, where more than 50% of identified victims are located

mac-stealer-clicklock

Image by Cybernews.

Gintaras Radauskas
Gintaras Radauskas Senior Journalist
Jul 16, 2026 3 min read
Key takeaways:
Interestingly, the victim gets forced to follow the attack flow and enter a password, because otherwise malware locks the system usage by killing all visible processes,
Group-IB

Victims are forced to comply

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
  • Tricks macOS users into initiating the infection via ClickFix
  • Forces the victim to enter the system password through fake dialogs
  • Starts acting as a “locker” when or if the victim tries to break the compromise flow and forces the victim to comply
  • Steals the victim’s passwords, browser data, and crypto wallets, sending everything to the attacker’s controlled bot via Telegram API
ADVERTISEMENT
mac-terminal-hook
The lesson for macOS users is pretty straightforward: never paste commands into Terminal from websites. Courtesy of Group-IB.

Never paste commands into Terminal from websites

Cloudflare, Google, and other services perform their verification entirely within the browser. Any page that instructs you to open Terminal, regardless of how professional it looks, is attempting to compromise your system.
Gintaras Radauskas
Senior Journalist
ADVERTISEMENT