Apr 16, 2026 • Alexander Culafi
North Korea Uses ClickFix to Target macOS Users' Data
Executive Summary
North Korean threat actor Sapphire Sleet is actively targeting macOS users with ClickFix attacks, leveraging social engineering tactics including fake job offers and fraudulent Zoom software updates. The campaign aims to steal user credentials and exfiltrate sensitive data from compromised Mac systems. Organizations with macOS infrastructure should warn employees about suspicious job-related communications and software update prompts. Security teams should monitor for ClickFix indicators and enforce strict download policies to mitigate this state-sponsored threat.
Summary
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
Linked Entities
- Sapphire Sleet