ClickFix Malware Uses macOS Script Editor to Deliver Atomic Stealer | Jamf Threat Labs
Pulse ID: 6a01bf9727a2710cfb8bc472
Pulse Link: https://otx.alienvault.com/pulse/6a01bf9727a2710cfb8bc472
Pulse Author: CyberHunter_NL
Created: 2026-05-11 11:37:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Atomic #AtomicStealer #CyberSecurity #InfoSec #Mac #MacOS #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL
Punto Informatico: Attacco ClickFix: nuovo metodo per infettare i Mac
Invece del Terminale, i cybercriminali chiedono agli utenti di aprire lo Script Editor cliccando su un pulsante (viene così installato Atomic Stealer).
The post Attacco ClickFix: nuovo metodo per infettare i Mac appeared first on Punto Informatico.
ClickFix Attack: New Method for Infecting Macs
Instead of the Terminal, cybercriminals are asking users to open the Script Editor by clicking a button (this installs Atomic Stealer).
The post ClickFix Attack: new method for infecting Macs appeared first on Punto Informatico.
#ClickFixAttack #Terminal #AtomicStealer #first #PuntoInformatico
https://www.punto-informatico.it/attacco-clickfix-nuovo-metodo-infettare-mac/
MacOS ClickFix Attack Exploits Script Editor to Evade Apple Warnings
The cat-and-mouse game continues: after Apple added security warnings to Terminal, attackers behind the Atomic Stealer family adapted their ClickFix attack to exploit Script Editor instead. This latest move shows how adversaries constantly evolve to evade detection.
#Macos #ClickfixAttack #AtomicStealer #MalwareOperations #EmergingThreats
ah ben voilà, je me disais : quand est-ce que le bon vieux AppleScript allait être intégré dans les campagnes ClickFix visant macOS ?
Il aura fallu qu’Apple introduise sa nouvelle fonctionnalité de protection du copier/coller dans le Terminal
( d'ailleurs et comme d'hab 😁 « largement inspirée », par le travail de Patrick Wardle dans blockblock :
https://objective-see.org/blog/blog_0x87.html )
…pour que la campagne Atomic Stealer passe à Script Editor.
⬇️
ClickFix technique uses Script Editor instead of Terminal on macOS
Jamf Threat Labs discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal entirely.
👇
https://www.jamf.com/blog/clickfix-macos-script-editor-atomic-stealer/
Forschende von Jamf Threat berichten heute über eine neue Variante einer bekannten Cyberangriffsmethode. Der Angriff zielt auf Mac-Nutzende ab und nutzt eine ziemlich geschickte Täuschung, um Schadsoftware auf den Mac zu schleusen.
Mehr: https://digiprax.maniabel.work/archiv/1248
#infostealer #AtomicStealer #jamf #infosec #up2date #macOS #ScriptEditor #ClickFix
macOS Users Targeted in ClickFix Malware Campaign
macOS users are being targeted in a sneaky new malware campaign called ClickFix, which tricks them into executing malicious commands by abusing the Script Editor and Terminal tools. This latest attack raises a pressing question: how can we trust our trusted tools when they're being exploited by hackers?
#Macos #AtomicStealer #Clickfix #MalwareOperations #EmergingThreats
🚨 Fake Malwarebytes, LastPass & 70+ brands abused on GitHub to spread Atomic Stealer (AMOS).
🔹 Fake repos + SEO + sponsored ads = malware installs
🔹 Copy-paste terminal commands (curl … | bash) deliver the payload instantly
🔹 Brands targeted include password managers, fintech apps, and dev tools
⚠️ Another reminder: only trust official developer sites.
💬 Do you think GitHub & Google should be held more accountable for catching these campaigns earlier?
Follow @technadu for #CyberSecurity insights.
#Malware #AtomicStealer #AMOS #Infostealer #MacOS #Malwarebytes #LastPass #GitHubSecurity
OTX Bot
Italian News by RSS
The New Oil
Analyst207
decio
maniabel
The Threat Codex
TechNadu