ClickLock macOS infostealer forces a 210ms app-kill loop until password is entered

A new macOS infostealer named ClickLock pastes a command into Terminal, shows a fake system dialog, and—if the user cancels—installs LaunchAgents and starts relentless app-kill loops (every 210 ms) that disrupt Finder, Dock, SystemUIServer, NotificationCenter, and more for up to days until a password is typed. The captured credentials unlock Keychain, Chrome’s Safe Storage key, browser data, wallets, and other secrets, exfiltrated via three compromised domains and Telegram bots without a dedicated C2. Targets span at least 100 victims across 33 countries. Researchers urge revoking sessions, changing all credentials, and recovering in Safe Mode; Apple has started blocking some paste-based deliveries, but attackers continue to adapt.
- New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password The Hacker News
- ClickLock Stealer: Paste Once, Lose Everything Group-IB
- Watch out: New ‘CrashStealer’ Mac malware could nab your passwords Macworld
- C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest The Register
- MacOS users, beware: newly discovered stealthy stealer requires no exploits Cybernews
Reading Insights
0
0
5 min
vs 6 min read
91%
1,198 → 106 words
Want the full story? Read the original article
Read on The Hacker News