‘macOS users may be exposed to real, sophisticated threats that require neither exploits nor elevated access to succeed’: ClickLock Stealer tries to trick Apple users into revealing their passwords


  • Group-IB Unveils ClickLock, a New macOS-Focused Infostealer That Uses Aggressive Social Engineering by Spamming Password Prompts and Quitting Key Apps Every 210ms Until Victims Comply
  • Once the credentials are obtained, it exfiltrates browser data, crypto wallets, password manager entries, FTP configurations and device information via the Telegram Bot API
  • Active since May 2026, seen in 33 countries (mostly Europe), distributed via ClickFix campaigns and initially undetected by security vendors until recently

Security researchers from Group-IB have revealed a new infostealer targeting primarily macOS users in Europe.

Called ClickLock, it’s more of an annoying social engineering mechanism rather than a full-blown malware variant that constantly pops up a login prompt on the victim’s device until they finally comply and share the credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top