ClickLock: macOS malware coerces password entry to steal data and plant a backdoor

TL;DR Summary
A new macOS information-stealing malware named ClickLock uses social engineering and a fake Cloudflare verification to force users into typing their system login password, exfiltrates credentials, browser data and wallet information, and installs a persistent backdoor via two LaunchAgent components; it suppresses notifications, runs password-dialog loops for hours or days, and uploads stolen data through Telegram while maintaining persistence for weeks, with infections in 33 countries and at least 100 observed since May. Defenders are advised to avoid pasting unknown Terminal commands and to boot into Safe Mode if prompted for a password.
- New ClickLock macOS malware traps users into revealing login password BleepingComputer
- ClickLock Stealer: Paste Once, Lose Everything Group-IB
- Watch out: New ‘CrashStealer’ Mac malware could nab your passwords Macworld
- New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password The Hacker News
- C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest The Register
Reading Insights
Total Reads
1
Unique Readers
6
Time Saved
6 min
vs 6 min read
Condensed
92%
1,194 → 93 words
Want the full story? Read the original article
Read on BleepingComputer