THE macOS ClickFix AppleScript stealer, identified by Netskope Threat Labs as part of the Meow malware family, is an infostealer and remote access trojan targeting macOS users in technology, media, and business sectors across Asia, North America, and Oceania. This malware campaign employs deceptive websites, mimicking trusted brands, to execute malicious commands in the victim's terminal without leaving files on the hard drive.
The stealer collects a wide array of data including saved passwords, session cookies, and cryptocurrency wallet information. It utilizes a command-and-control server, allowing attackers to maintain persistent access and upload stolen data. Security measures include blocking known domains, monitoring terminal usage, and educating users on the dangers of pasting untrusted commands.