ClickLock macOS infostealer forces a 210ms app-kill loop until password is entered

1 min read
Source: The Hacker News
ClickLock macOS infostealer forces a 210ms app-kill loop until password is entered
Photo: The Hacker News
TL;DR Summary

A new macOS infostealer named ClickLock pastes a command into Terminal, shows a fake system dialog, and—if the user cancels—installs LaunchAgents and starts relentless app-kill loops (every 210 ms) that disrupt Finder, Dock, SystemUIServer, NotificationCenter, and more for up to days until a password is typed. The captured credentials unlock Keychain, Chrome’s Safe Storage key, browser data, wallets, and other secrets, exfiltrated via three compromised domains and Telegram bots without a dedicated C2. Targets span at least 100 victims across 33 countries. Researchers urge revoking sessions, changing all credentials, and recovering in Safe Mode; Apple has started blocking some paste-based deliveries, but attackers continue to adapt.

Share this article

Reading Insights

Total Reads

0

Unique Readers

0

Time Saved

5 min

vs 6 min read

Condensed

91%

1,198106 words

Want the full story? Read the original article

Read on The Hacker News