A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer harvesting credentials, session cookies from 14 browsers, and funds from 16 cryptocurrency wallets. The attack uses fake CAPTCHA prompts directing victims to paste a curl command into Spotlight, affecting finance sector workers primarily in Asia. The campaign operates cross-platform (Windows and macOS) via user-agent filtering.
Safety
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
ClickFix attacks exploit fake CAPTCHA prompts to inject AppleScript stealers targeting credentials across 14 browsers and funds in 16 crypto wallets, primarily hitting finance workers in Asia.
Tuesday, April 21, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety