Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New MacOS Malware Targets Crypto Wallets with ClickFix

New MacOS Malware Targets Crypto Wallets with ClickFix

Posted on April 9, 2026 By CWS

A recent cybersecurity threat has emerged, targeting MacOS users with cryptocurrency wallets exceeding $10,000. Known as notnullOSX, this info-stealer malware employs sophisticated tactics to infiltrate systems, including social engineering through ClickFix and harmful DMG files.

Origins and Evolution of notnullOSX

Initially developed by the coder 0xFFF in 2022, notnullOSX was discussed in underground forums as a potential MacOS threat. Following a controversial exit in 2023, 0xFFF resurfaced under a new identity in 2024, offering a new version of the malware for $400 monthly.

Moonlock Lab researchers identified the first instances of notnullOSX in March 2026 across Vietnam, Taiwan, and Spain. The malware is specifically designed to target victims through a detailed submission form that includes personal and financial information.

Infection Methodologies and Distribution Channels

The infection process begins with a deceptive Google document, prompting users to execute commands via ClickFix or to download a compromised DMG file. Both methods result in the installation of the malware without alerting security systems.

Distribution efforts extend to a phony product page for a wallpaper app, WallSpace, and promotional videos on a hijacked YouTube channel, suggesting the use of paid advertising strategies to reach a broader audience.

Technical Capabilities and User Risks

notnullOSX presents a significant threat by exploiting MacOS’s TCC framework, leading users to unknowingly grant Full Disk Access. This permission allows the malware to access sensitive data such as messages and browser cookies without further alerts.

The malware features a modular design, downloading specific components for various data theft tasks, including iMessage, Apple Notes, and cryptocurrency wallet data. One module, ReplaceApp, can replace legitimate wallet apps with malicious versions to capture sensitive data.

To mitigate these risks, security experts advise blocking known C2 domains, scrutinizing Full Disk Access requests, and monitoring system directories for suspicious files. Users should remain vigilant by avoiding suspicious terminal commands and verifying app permissions regularly.

For ongoing updates on cybersecurity threats, follow us on Google News, LinkedIn, and X, and set us as a preferred source on Google.

Cyber Security News Tags:Apple, ClickFix, crypto theft, crypto wallets, Cybersecurity, info-stealer, macOS, malicious DMG, Malware, Moonlock Lab, Security, TCC bypass

Post navigation

Previous Post: Palo Alto Networks & SonicWall Fix Critical Security Bugs
Next Post: UAT-10362: LucidRook Malware Targets Taiwanese NGOs

Related Posts

Weaponized PyPI Package Steals Solana Private Keys Via Supply Chain Attack Weaponized PyPI Package Steals Solana Private Keys Via Supply Chain Attack Cyber Security News
WhatsApp Enhances Security with Optional Account Password WhatsApp Enhances Security with Optional Account Password Cyber Security News
Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data Cyber Security News
5 Deception Solutions that are Changing the Cybersecurity Game  5 Deception Solutions that are Changing the Cybersecurity Game  Cyber Security News
Fortinet Patches Critical Vulnerabilities in Key Products Fortinet Patches Critical Vulnerabilities in Key Products Cyber Security News
NPM Package Steals OpenAI Codex Tokens NPM Package Steals OpenAI Codex Tokens Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Microsoft Addresses Crucial Zero-Day in Defender
  • Data Breach at Mount Royal University Revealed
  • Microsoft Secures Defender Against Critical Privilege Flaw
  • Helix Group Exploits Phishing to Access SharePoint Data
  • AI Tools Vulnerable to Classic Hacking Tactic

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Microsoft Addresses Crucial Zero-Day in Defender
  • Data Breach at Mount Royal University Revealed
  • Microsoft Secures Defender Against Critical Privilege Flaw
  • Helix Group Exploits Phishing to Access SharePoint Data
  • AI Tools Vulnerable to Classic Hacking Tactic

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark