New macOS stealer campaign uses Script Editor in ClickFix attack

A new macOS malware campaign is distributing Atomic Stealer through a variation of the ClickFix attack technique, abusing the Script Editor to trick users into executing malicious commands in Terminal. This attack vector exploits social engineering by manipulating users into running attacker-controlled scripts, bypassing traditional security warnings. Atomic Stealer (AMOS) is a well-established macOS credential and data stealer capable of harvesting passwords, cryptocurrency wallets, and sensitive system information. Organizations with macOS infrastructure should warn users about this attack technique, enforce strict endpoint controls, and implement user awareness training to prevent execution of unsolicited scripts. The use of built-in system tools like Script Editor makes detection more challenging.

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. [...]

A new macOS malware campaign is distributing Atomic Stealer through a variation of the ClickFix attack technique, abusing the Script Editor to trick users into executing malicious commands in Terminal. This attack vector exploits social engineering by manipulating users into running attacker-controlled scripts, bypassing traditional security warnings. Atomic Stealer (AMOS) is a well-established macOS credential and data stealer capable of harvesting passwords, cryptocurrency wallets, and sensitive system information. Organizations with macOS infrastructure should warn users about this attack technique, enforce strict endpoint controls, and implement user awareness training to prevent execution of unsolicited scripts. The use of built-in system tools like Script Editor makes detection more challenging. A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. [...] A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. [...]