New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
Overview
A new piece of malware known as ClickLock Stealer is targeting macOS users by forcing them to input their login passwords. This infostealer operates by running a command in the Terminal that creates a fake system dialog asking for the password. If the victim cancels this request, the malware repeatedly kills various applications—including Finder and Terminal—every 210 milliseconds until the password is provided. Once the victim logs in again, the malware installs two LaunchAgents, allowing it to operate silently in the background. This type of attack is particularly concerning as it manipulates user behavior to extract sensitive information, highlighting the need for users to be cautious about unexpected prompts and commands.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: macOS systems, specifically targeting user applications like Finder, Dock, Spotlight, Terminal, and Activity Monitor.
- Action Required: Users should avoid running unknown commands in Terminal and be vigilant about suspicious password prompts.
- Timeline: Newly disclosed
Original Article Summary
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next login, Finder, the Dock, Spotlight, Terminal, Activity Monitor, and
Impact
macOS systems, specifically targeting user applications like Finder, Dock, Spotlight, Terminal, and Activity Monitor.
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should avoid running unknown commands in Terminal and be vigilant about suspicious password prompts. Regularly updating macOS and using security software can help mitigate risks.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to macOS, Apple, Malware.