Start your day with intelligence. Get The OODA Daily Pulse.

Home > Briefs > Cyber > ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

A new macOS malware named ClickLock Stealer leverages social engineering and process killing to bypass the operating system’s protections and obtain valuable information from victims. Cybersecurity firm Group-IB came across ClickLock Stealer in early June, and the malware appears to have been around since at least late May. Researchers say it has targeted at least 100 users across 33 countries, more than half in Europe. The stealer is designed to collect various types of data from compromised systems, including web browsers, cryptocurrency wallets and wallet extensions, and password manager extensions. It can also harvest blockchain addresses from six chains and target the macOS Keychain, FTP credentials, and shell history. The stolen data is added to an archive file and exfiltrated to a Telegram bot. While Group-IB researchers could not definitively determine how ClickLock Stealer is distributed, they believe threat actors may have used SEO poisoning, social media posts, or compromised websites to lure victims to a ClickFix attack page disguised as a Cloudflare verification.

Full report : The new macOS malware has targeted at least 100 users to steal their passwords and cryptocurrency.

Tagged: macOS malware