New ClickLock macOS malware traps users into revealing login password
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. [...]
macOS is Apple’s desktop operating system, whose vulnerabilities, security updates, and software ecosystem affect device protection and data security.
Search across headline titles and summaries.
Background for this topic.
macOS is the desktop operating system for Mac computers. Its security model combines signed-code checks and notarization through Gatekeeper, built-in malware detection, application sandboxing, System Integrity Protection, and privacy controls that restrict access to files, cameras, microphones, and other sensitive resources. FileVault can encrypt the startup volume, reducing exposure if a device is lost, although it does not protect data from an attacker using an unlocked account.
For security teams, macOS is an endpoint whose risk depends on timely operating-system and application updates, configuration, and user permissions. Vulnerabilities in macOS components, browsers, or widely deployed software can enable code execution or privilege escalation, while malicious or over-permissioned applications may bypass intended isolation through user-approved access. Organizations should track supported versions, enforce updates and disk encryption through device management, limit administrative access, and preserve relevant logs for investigation; security controls and available telemetry can vary by macOS release and Mac hardware.
Weekly headline count for the current query.
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. [...]
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
New macOS infostealer CrashStealer uses a signed app to bypass Gatekeeper, steals credentials and wallets, then AES-encrypts stolen data. Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July, in-the-wild detections confirmed the malware had moved from development into active deployment. The malware is […]
A new macOS information-stealing malware called CrashStealer pretends to be Apple's crash-reporting tool to steal credentials, keychain data, and crypto wallets. [...]
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux Vibe Coded Extortion: Avalon’s Path from Legal Lure to CrownX Ransom Capabilities Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign RedWing: A […]
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were found using […]
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts
A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. [...]
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber