www.infosecurity-magazine.com 7/16/2026, 2:01:01 PM · external

ClickLock Stealer macOS malware steals passwords via fake commands

ClickLock Stealer macOS malware steals passwords via fake commands
Developing story malware 2 articles tracked
ClickLock macOS stealer malware steals passwords via social engineering
CyberSIXT Evidence Panel
Primary Source group-ib.com

A new macOS malware named ClickLock Stealer has been reported, utilizing social engineering to obtain user passwords. The malware exploits a command-pasting attack from compromised websites, employing a modular attack vector that includes credential theft from Chrome's Keychain and cryptocurrency wallet extraction. Victims are coerced via a kill loop that disables critical system functions until the correct password is entered.

The malware, affecting over 100 victims globally, uses Telegram for exfiltration and has sophisticated features, including a disguised reverse-shell tool. Group-IB advises users to refrain from executing commands from untrusted sites and to shut down their systems if targeted.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline