
Shamos Infostealer Targeting Mac Devices via ClickFix Attacks

3 unique sources, 8 articles

Summary


Since June 2025, the COOKIE SPIDER group’s Shamos infostealer and Atomic macOS Stealer (AMOS) variants have targeted Mac devices via evolving ClickFix social engineering campaigns, stealing data and credentials from browsers, Keychain, Apple Notes, and cryptocurrency wallets. Early campaigns relied on malvertising, fake GitHub repositories, and signed Swift applications hosted on legitimate platforms like Cloudflare Pages and Squarespace. AMOS has been delivered through disk images, obfuscated shell scripts, and in-memory payloads, expanding from Terminal-based ClickFix tactics to abuse trusted macOS applications. In March 2026, Apple introduced a Terminal security feature in macOS Tahoe 26.4 that blocks pasted command execution and warns users of risks, disrupting ClickFix attack chains. A new campaign observed in April 2026 by Jamf researchers now abuses the built-in Script Editor application to bypass these protections. The campaign uses fake Apple-themed disk cleanup guides to trick users into launching Script Editor via the applescript:// URL scheme, executing an obfuscated payload in system memory that delivers Atomic Stealer. The new Script Editor-based ClickFix variation enables theft of Keychain data, browser autofill information, cryptocurrency wallet extensions, and system details without requiring Terminal interaction. AMOS continues to expand its capabilities, now including a backdoor component for persistent access to compromised systems.

Timeline

  1. 16.03.2026 13:41 · 2 articles

    ClickFix campaigns evolve to use legitimate platforms for distribution

    ClickFix campaigns have evolved to use legitimate platforms like Cloudflare Pages and Squarespace to host bogus installation instructions. The InstallFix variant of ClickFix tricks users into installing infostealer malware without needing additional pretexts. At least 20 distinct malware campaigns targeting AI and vibe coding tools have been identified, with nine affecting both Windows and macOS. The KongTuke TDS uses compromised WordPress websites and fake CAPTCHA lures to deliver the ModeloRAT trojan. ClickFix-style attacks have been used to distribute various malware families, including StealC Stealer, Vidar Stealer, Impure Stealer, and VodkaStealer. Apple’s Terminal security feature in macOS Tahoe 26.4 specifically targets the command execution stage of ClickFix attacks, reducing the risk of successful infections even when lures are hosted on legitimate platforms.

  2. 22.12.2025 22:43 · 7 articles

    New MacSync variant bypasses macOS Gatekeeper checks

    Three distinct ClickFix campaigns have been identified distributing the MacSync infostealer via fake AI tool installers. The campaigns use various lures, including the OpenAI Atlas browser and ChatGPT conversations, to trick users into executing malicious commands. The latest variant of MacSync supports dynamic AppleScript payloads and in-memory execution to evade detection. The shell script retrieves the AppleScript infostealer payload from a hard-coded server and removes evidence of data theft. The malware harvests credentials, files, keychain databases, and cryptocurrency wallet seed phrases. Apple’s Terminal warning system in macOS Tahoe 26.4 adds another layer of defense by disrupting the execution phase of ClickFix attacks, though the feature’s effectiveness depends on command analysis and user behavior. A new April 2026 campaign observed by Jamf researchers demonstrates attackers abusing the built-in Script Editor application to bypass Terminal protections. The campaign uses fake Apple-themed disk cleanup guides to prompt victims to launch Script Editor via the applescript:// URL scheme, executing an obfuscated payload in system memory that delivers Atomic Stealer (AMOS). The Script Editor variation does not require manual Terminal interaction, marking a significant evolution in ClickFix attack tactics. The current article provides additional technical detail on the Script Editor-based ClickFix attack flow and confirms its role in delivering AMOS while evading Terminal warnings.

  3. 22.08.2025 18:44 · 5 articles

    Shamos infostealer targeting Mac devices via ClickFix attacks

    Since June 2025, Shamos infostealer has attempted infections in over three hundred environments. The malware, developed by the COOKIE SPIDER group, steals data and credentials from web browsers, Keychain, Apple Notes, and cryptocurrency wallets. It is distributed through ClickFix attacks using malvertising and fake GitHub repositories. The malware uses anti-VM commands, AppleScript for reconnaissance, and creates persistence through a Plist file. Apple’s March 2026 macOS Tahoe 26.4 update introduces a Terminal security feature that blocks pasting and executing potentially harmful commands and warns users of risks, directly targeting ClickFix attack vectors used in Shamos and related campaigns. A new April 2026 campaign observed by Jamf researchers demonstrates attackers abusing the built-in Script Editor application to bypass Terminal protections. The campaign uses fake Apple-themed disk cleanup guides to prompt victims to launch Script Editor via the applescript:// URL scheme, executing an obfuscated payload in system memory that delivers Atomic Stealer (AMOS). The Script Editor variation does not require manual Terminal interaction, marking a significant evolution in ClickFix attack tactics. The current article confirms the Script Editor-based ClickFix variation identified on April 8, 2026, and details its use of browser-triggered workflows to launch Script Editor and evade Terminal warnings.


Similar Happenings

Venom Stealer infostealer kit introduces continuous credential harvesting via malware-as-a-service model

A newly identified infostealer malware kit named Venom Stealer is offered as a malware-as-a-service (MaaS) subscription priced at $250 per month or $1,800 lifetime, enabling continuous credential harvesting and wallet cracking operations. The kit targets Windows and macOS systems via deceptive social engineering lures integrated into its operator panel, including fake Cloudflare CAPTCHA pages, OS update prompts, SSL certificate errors, and font installation pages. Victims are tricked into executing commands via Run dialog or Terminal, bypassing detection systems by appearing user-initiated. Upon execution, it extracts and exfiltrates browser credentials, session cookies, browsing history, autofill data, cryptocurrency wallet vaults, browser extension data, and system fingerprints from Chromium and Firefox browsers. Venom Stealer distinguishes itself by maintaining silent persistence through a background session listener that reports new credentials and wallet activity to command-and-control infrastructure twice daily, and by continuously monitoring Chrome's login database to capture newly saved credentials in real time. Exfiltrated cryptocurrency wallet data is processed by a server-side GPU cracking engine, with funds automatically transferred across multiple blockchain networks including tokens and DeFi positions, undermining password rotation and incident response efforts.

Infinity Stealer macOS infostealer delivered via ClickFix CAPTCHA lures

A new macOS-targeting infostealer named Infinity Stealer is being distributed via ClickFix CAPTCHA lures impersonating Cloudflare’s human verification, leading victims to execute a base64-obfuscated Bash command that fetches and runs a Nuitka-compiled Python payload. The attack abuses a fake CAPTCHA on update-check[.]com to bypass OS defenses and install a Mach-O loader that extracts a zstd-compressed archive containing the stealer. Infinity Stealer harvests browser credentials, macOS Keychain entries, cryptocurrency wallets, and plaintext secrets from developer files, and exfiltrates data via HTTP POST to C2 with Telegram notifications to operators.

Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft

Apple has expanded security updates for iOS 18.7.7 and iPadOS 18.7.7 to protect devices still running iOS 18 from the DarkSword exploit kit, without requiring full OS upgrades. This follows continued exploitation of DarkSword since July 2025 across multiple countries, with attacks leveraging six vulnerabilities to deploy data-stealing malware like GhostBlade, GhostKnife, and GhostSaber through watering hole attacks on compromised websites. The campaign remains linked to Russian threat actor UNC6353 and associated groups including UNC6748 and Turkish vendor PARS Defense, with Coruna and Darksword exploit kits now confirmed as closely related frameworks sharing origins in the 2019–2023 Operation Triangulation campaign. Coruna has evolved from a precision espionage tool into a mass-exploitation framework with 23 exploits across five chains, while Darksword targets iOS 18.4–18.7 and has been publicly leaked on GitHub. Apple has patched all exploited flaws in recent releases (18.7.3, 26.2, 26.3.1), and CISA has mandated federal agencies patch three DarkSword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026. The commoditization of these iOS exploitation tools elevates risk to end-users globally.

Infostealer Malware Targets OpenClaw Configuration Files

Infostealer malware has been observed stealing OpenClaw configuration files containing API keys, authentication tokens, and other sensitive secrets. This marks the first known instance of such attacks targeting the popular AI assistant framework. The stolen data includes configuration details, authentication tokens, and persistent memory files, which could enable full compromise of the victim's digital identity. The malware, identified as a variant of the Vidar infostealer, executed a broad file-stealing routine that scanned for sensitive keywords. Researchers predict increased targeting of OpenClaw as it becomes more integrated into professional workflows. Additionally, security issues with OpenClaw have prompted the maintainers to partner with VirusTotal to scan for malicious skills uploaded to ClawHub, establish a threat model, and add the ability to audit for potential misconfigurations.

341 Malicious ClawHub Skills Target OpenClaw Users with Atomic Stealer

A security audit by Koi Security identified 341 malicious skills on ClawHub, a marketplace for OpenClaw users, which distribute Atomic Stealer malware to steal sensitive data from macOS and Windows systems. The campaign, codenamed ClawHavoc, uses social engineering tactics to trick users into installing malicious prerequisites. The skills masquerade as legitimate tools, including cryptocurrency utilities, YouTube tools, and finance applications. OpenClaw has added a reporting feature and partnered with VirusTotal to scan skills uploaded to ClawHub, providing an additional layer of security for the OpenClaw community. The malware targets API keys, credentials, and other sensitive data, exploiting the open-source ecosystem's vulnerabilities. The campaign coincides with a report from OpenSourceMalware, highlighting the same threat. The intersection of AI agent capabilities and persistent memory amplifies the risks, enabling stateful, delayed-execution attacks. New findings reveal almost 400 fake crypto trading add-ons in the project behind the viral Moltbot/OpenClaw AI assistant tool can lead users to install information-stealing malware. These add-ons, called skills, masquerade as cryptocurrency trading automation tools and target ByBit, Polymarket, Axiom, Reddit, and LinkedIn. The malicious skills share the same command-and-control (C2) infrastructure, 91.92.242.30, and use sophisticated social engineering to convince users to execute malicious commands which then steal crypto assets such as exchange API keys, wallet private keys, SSH credentials, and browser passwords. Additionally, fake OpenClaw installers hosted on GitHub and promoted by Bing AI instructed users to run commands that deployed information stealers and proxy malware. Threat actors set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results. The malicious repositories contained shell scripts paired with Mach-O executables identified as Atomic Stealer malware for macOS users. For Windows users, the threat actor delivered OpenClaw_x64.exe, which deployed multiple malicious executables, including Rust-based malware loaders and the Vidar stealer. Another Windows executable delivered was the GhostSocks backconnect proxy malware, designed to convert users' machines into proxy nodes.