ClickLock Malware Targets macOS Users with Social Engineering Tactics

ClickLock Malware Targets macOS Users with Social Engineering Tactics

First seen 16 Jul 2026, 23:17 UTC TheregisterBleepingcomputerwww.tines.com 88% similarity 69.5

Article Content

Browse articles
ThreatCluster

The ClickLock malware, a new macOS information stealer, has been identified by Group-IB. It exploits social engineering to trick users into entering their login credentials via a fake password dialog. Since May, it has infected over 100 systems across 33 countries, primarily in Europe. The malware operates without needing elevated privileges or software exploits, relying instead on user interaction to execute malicious commands in the Terminal. Once activated, ClickLock can steal passwords, cryptocurrency assets, and browser data while establishing a persistent backdoor for ongoing access. The malware's coercive tactics include terminating visible applications to pressure victims into compliance. It was first detected on VirusTotal on June 9, with no antivirus solutions flagging it at that time. The malware's development appears ongoing, suggesting future enhancements may be forthcoming.

Key Points: • ClickLock malware uses social engineering to steal macOS user credentials. • Over 100 systems across 33 countries have been infected since May 2026. • The malware operates without exploits, relying on user interaction to execute.

ThreatCluster AI

Timeline

2026-05-01
ClickLock malware first active
The ClickLock malware began targeting macOS users through social engineering tactics.
BleepingComputer
2026-06-09
Malicious script uploaded to VirusTotal
A shell script associated with ClickLock was uploaded, initially undetected by antivirus solutions.
BleepingComputer
2026-07-16
ClickLock malware detailed by Group-IB
Group-IB published findings on ClickLock, revealing its operation and impact on users worldwide.
Theregister

Community

Browse all →