Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

0
Medium
Malwaremacos
Published: 07/16/2026 (07/16/2026, 12:43:59 UTC)
Source: SecurityWeek

Description

The new macOS malware has targeted at least 100 users to steal their passwords and cryptocurrency. The post ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing appeared first on SecurityWeek .

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 12:47:44 UTC

Technical Analysis

ClickLock Stealer is a macOS malware discovered by Group-IB that bypasses macOS security protections through social engineering and process killing. It targets web browsers, cryptocurrency wallets, password managers, macOS Keychain, FTP credentials, and shell history. Distribution likely involves SEO poisoning, social media, or compromised websites leading victims to execute a malicious bash command. The malware runs an orchestrator script that downloads four additional scripts for credential stealing, cryptocurrency stealing, Keychain access, and backdoor installation. It aggressively kills processes, including NotificationCenter, to suppress security warnings and forces victims to enter passwords via fake dialogs. The malware exfiltrates stolen data to a Telegram bot and maintains persistence via a backdoor. It does not use exploits or privilege escalation but relies on victim execution and coercion.

Potential Impact

The malware compromises user credentials, cryptocurrency wallets, and sensitive system data by coercing users to execute malicious scripts and grant access to protected resources. It can steal passwords stored in browsers and the macOS Keychain, harvest blockchain addresses, and capture FTP credentials and shell history. The backdoor installed allows persistent access to the compromised system. This results in significant data theft and potential financial loss for victims.

Mitigation Recommendations

No official patch or fix is available as this malware relies on social engineering and user execution rather than exploiting software vulnerabilities. Users should avoid executing untrusted commands in the Terminal and be cautious of suspicious websites or social media links. macOS built-in protections are bypassed by user consent and process killing, so user education and awareness are critical. Endpoint security solutions may help detect suspicious behavior but cannot prevent user-driven execution. Monitor for unusual process terminations and unexpected password prompts. Since the malware suppresses notifications, users should be vigilant for abnormal system behavior.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/","fetched":true,"fetchedAt":"2026-07-16T12:47:35.644Z","wordCount":1217}

Threat ID: 6a58d2e768715ace430a40a1

Added to database: 07/16/2026, 12:47:35 UTC

Last enriched: 07/16/2026, 12:47:44 UTC

Last updated: 07/16/2026, 15:46:48 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses