Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New macOS Malware Forces Password Handover

New macOS Malware Forces Password Handover

Posted on July 16, 2026 By CWS

Introduction to ClickLock Stealer

A newly identified macOS malware, known as ClickLock Stealer, has emerged with a disruptive tactic to obtain a user’s login password. This infostealer operates by terminating applications in a continuous cycle until the victim enters their password. Typically introduced through a command in Terminal, this malware disguises itself with a fake system prompt. If the user opts to cancel, it proceeds by installing two LaunchAgents before silently exiting.

During subsequent logins, critical components like Finder, Dock, and major browsers are systematically shut down every 210 milliseconds for a duration of up to 83 hours. This relentless cycle persists until the password is entered, granting the attacker access to sensitive data, including the user’s Keychain, browser credentials, and cryptocurrency wallets.

Global Impact and Technical Insights

According to Group-IB, a cybersecurity firm tracking this threat, ClickLock Stealer has targeted at least 100 individuals across 33 countries since May, with a significant concentration in Europe. Their analysis suggests the malware is still in development, evidenced by its code structure. Notably, when first analyzed on VirusTotal, the orchestrator script had no detections.

The comprehensive payload, however, remains elusive. While Group-IB has mapped the full payload chain, the initial lure pages remain unidentified. The Indicators of Compromise (IOCs) include three compromised payload hosts, yet none of the lure domains have been confirmed.

Operational Tactics and User Impact

The ClickLock Stealer’s operators, upon a successful attack, secure the validated macOS login credentials, Chrome’s Safe Storage AES key, and a ZIP archive containing browser credentials, password manager vaults, and other critical data. The Safe Storage key is particularly valuable as it enables offline decryption of Chrome’s stored passwords and cookies.

Users encountering this malware are advised to immediately revoke active browser sessions and consider all saved passwords, cookies, and wallet keys compromised. Prompt password changes are recommended to mitigate potential damage.

Defensive Measures and Ongoing Threats

Apple attempted to address such threats with security enhancements in macOS 26.4, released in March. This update introduces warnings for suspicious Terminal paste activity and blocks known malware. However, these measures are conditional; the warning only triggers for users who infrequently use Terminal, and a bypass option remains available.

Despite these efforts, ClickLock Stealer continues to exploit vulnerabilities. It leverages a coercive loop that aggressively terminates applications, with no legitimate justification for this behavior, as noted by Group-IB. Users are advised to prioritize safe computing practices and remain vigilant against such sophisticated threats.

Conclusion and Future Outlook

The emergence of ClickLock Stealer underscores the evolving sophistication of macOS-targeted malware. As attackers refine their tactics, cybersecurity experts stress the importance of robust protective measures and user awareness. Group-IB’s ongoing investigations aim to further unravel this malware’s complexities, providing vital insights to bolster defenses against future incursions.

The Hacker News Tags:Apple security, ClickFix, ClickLock Stealer, cyber attack, Cybersecurity, data breach, Finder, Group-IB, Hacking, InfoStealer, LaunchAgents, macOS, macOS security, Malware, password theft, Terminal

Post navigation

Previous Post: Mac Malware Exploits Telegram Sessions for Unauthorized Access
Next Post: AI Data Centers Face Security Challenges Amid Rapid Growth

Related Posts

Weekly Cybersecurity Update: Major Breaches and Vulnerabilities Weekly Cybersecurity Update: Major Breaches and Vulnerabilities The Hacker News
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution The Hacker News
0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves The Hacker News
You Didn’t Get Phished — You Onboarded the Attacker You Didn’t Get Phished — You Onboarded the Attacker The Hacker News
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider The Hacker News
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical SonicWall Vulnerability Exploited by Hackers
  • The Challenges of OT Security in a Converging IT World
  • n8n Token Flaw Allows Unauthorized User Access
  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical SonicWall Vulnerability Exploited by Hackers
  • The Challenges of OT Security in a Converging IT World
  • n8n Token Flaw Allows Unauthorized User Access
  • WhatsApp Scam: How GhostPairing Endangers Accounts
  • AI Data Centers Face Security Challenges Amid Rapid Growth

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark