A new macOS malware named ClickLock Stealer has been reported, utilizing social engineering to obtain user passwords. The malware exploits a command-pasting attack from compromised websites, employing a modular attack vector that includes credential theft from Chrome's Keychain and cryptocurrency wallet extraction. Victims are coerced via a kill loop that disables critical system functions until the correct password is entered.
The malware, affecting over 100 victims globally, uses Telegram for exfiltration and has sophisticated features, including a disguised reverse-shell tool. Group-IB advises users to refrain from executing commands from untrusted sites and to shut down their systems if targeted.