macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

Summary

A new macOS ClickFix campaign is distributing an AppleScript-based infostealer. This malware is designed to steal credentials and live session cookies from 14 browsers, 16 cryptocurrency wallets, and over 200 browser extensions.

IFF Assessment

FOE

This campaign represents a direct threat to user credentials and financial assets, making it bad news for defenders.

Defender Context

Defenders should note this campaign's focus on macOS and its reliance on social engineering, which the ClickFix label implies. Users should be educated on the risks of downloading and running untrusted scripts or applications, and endpoint security solutions should be updated to detect such AppleScript-based infostealers.
