Modular macOS Stealer Uses Kill Loops to Force Password Entry
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password
macOS is Apple’s desktop operating system, whose vulnerabilities, security updates, and software ecosystem affect device protection and data security.
Search across headline titles and summaries.
Background for this topic.
macOS is the desktop operating system for Mac computers. Its security model combines signed-code checks and notarization through Gatekeeper, built-in malware detection, application sandboxing, System Integrity Protection, and privacy controls that restrict access to files, cameras, microphones, and other sensitive resources. FileVault can encrypt the startup volume, reducing exposure if a device is lost, although it does not protect data from an attacker using an unlocked account.
For security teams, macOS is an endpoint whose risk depends on timely operating-system and application updates, configuration, and user permissions. Vulnerabilities in macOS components, browsers, or widely deployed software can enable code execution or privilege escalation, while malicious or over-permissioned applications may bypass intended isolation through user-approved access. Organizations should track supported versions, enforce updates and disk encryption through device management, limit administrative access, and preserve relevant logs for investigation; security controls and available telemetry can vary by macOS release and Mac hardware.
Weekly headline count for the current query.
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
macOS LOTL techniques bypass detection using native tools and metadata abuse
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
A newly discovered macOS malware mimics legitimate apps code-signed and notarized by Apple
A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps
A variant of the Atomic macOS Stealer (AMOS) targets macOS users via fake support sites in malvertising campaign
All Apple users are encouraged to update their iPhones, iPads and macOS devices
The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence
Trend Micro observed a continuous development of Albabat ransomware, designed to expand attacks and streamline operations
Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727
Microsoft has observed a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware