New macOS stealer campaign uses Script Editor in ClickFix attack
Summary
A new campaign is targeting macOS users with the Atomic Stealer malware by employing a refined version of the ClickFix attack. The attack tricks users into executing commands within the Terminal application and leverages macOS's Script Editor to deliver the malware.
IFF Assessment
FOE
This campaign represents a new method for delivering malware to macOS users, increasing the potential attack surface and threat to systems.
Defender Context
Defenders should be aware of this evolving attack vector targeting macOS. Users need to be educated on social engineering tactics that prompt them to execute scripts or commands, and endpoint security solutions should be updated to detect Atomic Stealer and related malicious scripts.