
ClickLock: macOS malware coerces password entry to steal data and plant a backdoor
A new macOS information-stealing malware named ClickLock uses social engineering and a fake Cloudflare verification to force users into typing their system login password, exfiltrates credentials, browser data and wallet information, and installs a persistent backdoor via two LaunchAgent components; it suppresses notifications, runs password-dialog loops for hours or days, and uploads stolen data through Telegram while maintaining persistence for weeks, with infections in 33 countries and at least 100 observed since May. Defenders are advised to avoid pasting unknown Terminal commands and to boot into Safe Mode if prompted for a password.