Find notable cyber news and cases, enriched with sources, timelines, and signals.

ClickLock Stealer macOS forced-interaction infostealer activity

Malware Activity
First reported
Last updated
Happening score
H score 27
2 unique sources, 2 articles

Summary

Hide ▲

ClickLock Stealer is a macOS infostealer that uses a ClickFix-style paste into Terminal and a fake system dialog to coerce password entry. Group-IB said the malware hit at least 100 victims across 33 countries in about two months, with more than half in Europe. It can drop LaunchAgents if the prompt is canceled, then run a coercion loop that keeps killing apps and can lock the desktop for up to 83 hours while stealing the login password, Keychain material, browser data, and crypto wallets. Exfiltration runs through Telegram rather than dedicated C2, and the initial sample was uploaded to VirusTotal on June 9 with zero detections.

Related Happenings

ClickFix-based TELEPUZ distribution campaign

Campaign
H score35 First: 16.07.2026 15:50 Last: 16.07.2026 15:50 Sources 1

About this happening: The ClickFix-based TELEPUZ distribution campaign is pushing TELEPUZ through websites infected with lures, increasing the chance that victims run malicious commands and...

ClickLock ClickFix macOS targeting campaign

Campaign
H score33 First: 16.07.2026 15:33 Last: 16.07.2026 15:33 Sources 1

How related: According to new research from Group-IB published on June 16, the malware, dubbed ClickLock Stealer, has hit at least 100 victims across 33 countries in about two months, with more than half in Europe.

About this happening: Group-IB reported a ClickLock Stealer macOS campaign using ClickFix paste-a-command lures and coercive app-killing loops to force victims to enter passwords. The o...

CrashStealer macOS information stealer activity

Malware Activity
H score10 First: 13.07.2026 20:36 Last: 13.07.2026 20:36 Sources 1

About this happening: CrashStealer is a macOS information-stealing malware that was tracked in May and seen in attacks in early July. It impersonates Apple's crash-reporting tool by...

BusySnake Stealer Windows information-theft activity

Malware Activity
H score30 First: 03.07.2026 16:36 Last: 03.07.2026 16:36 Sources 1

About this happening: The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasin...

ClickFix mitigation guidance for Windows and macOS

Defensive Guidance
H score34 First: 30.06.2026 15:00 Last: 30.06.2026 15:00 Sources 1

About this happening: Organizations are being urged to harden defenses against ClickFix on Windows and macOS, reducing the chance that social-engineering lures can turn trusted dialogs into...

Timeline

  1. 16.07.2026 15:33 3 articles · 2h ago

    ClickLock Stealer macOS forced-interaction infostealer activity

    Initial Disclosure

    The delivery phase uses a ClickFix-style paste into Terminal and a fake system dialog to push the victim toward running the payload. If the user cancels, the script drops LaunchAgents and exits before the coercion loop begins.

    Show sources