'macOS users may face real, sophisticated threats that require neither exploits nor any elevated access to succeed': ClickLock Stealer tries to trick Apple users into revealing their passwords
- Group‑IB uncovers ClickLock, a new macOS‑focused infostealer using aggressive social engineering by spamming password prompts and terminating key apps every 210ms until victims comply
- Once credentials are obtained, it exfiltrates browser data, crypto wallets, password manager entries, FTP configs, and device info via Telegram Bot API
- Active since May 2026, spotted in 33 countries (mostly Europe), distributed via ClickFix campaigns, and initially undetected by security vendors until recently
Security researchers from Group-IB have uncovered a new infostealer targeting primarily macOS users in Europe.
Dubbed ClickLock, it is more of an annoying social engineering mechanism rather than a full-blown malware variant, constantly popping up a login prompt on the victim’s device, until they finally comply and share the credentials.
Every 210 milliseconds it terminates key apps on the device (Finder, Dock, TErminal, etc.), essentially making it useless. At the same time, it keeps prompting a password dialog on the screen,...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE