New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

Summary

A new macOS infostealer named ClickLock Stealer has been identified that pressures victims into revealing their passwords by repeatedly terminating running applications. The malware is initiated via a command pasted into the Terminal and employs a fake system dialog to request the user's password.

IFF Assessment

FOE

This is bad news for defenders as it describes a new, aggressive macOS infostealer designed to exfiltrate user credentials.

Defender Context

Defenders should be aware of new macOS threats like ClickLock Stealer that employ social engineering and operational disruption tactics to compromise user credentials. User education on recognizing suspicious commands and fake dialogs is crucial, as is monitoring for unusual application termination patterns and the presence of unauthorized LaunchAgents.

Read Full Story →