New ClickLock Malware Holds Mac Users Hostage for Passwords
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new macOS malware strain named ClickLock is targeting Mac users by preventing access to their computers until they provide their login passwords. The malware employs social engineering tactics, displaying fake Apple password prompts and repeatedly crashing key macOS processes, including Finder and Terminal, every 210 milliseconds. Researchers at Group-IB report that ClickLock has already infected over 100 systems across 33 countries since May 2026. The malware is believed to initiate through a ClickFix-style attack, tricking users into executing a command in Terminal. Once the correct password is entered, ClickLock not only steals it but also targets sensitive data such as browser profiles and cryptocurrency wallets. The malware's persistence mechanisms can keep users trapped in a cycle for over 83 hours. Additionally, another malware called CrashStealer is also affecting macOS, which impersonates Apple's crash reporting framework to steal sensitive information.
Key Points: • ClickLock malware prevents Mac access until the user surrenders their password. • Over 100 systems in 33 countries have been infected since May 2026. • The malware uses social engineering tactics and targets sensitive data like browser profiles.