New ClickLock macOS malware traps users into revealing login password
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. [...]
macOS is Apple’s desktop operating system, whose vulnerabilities, security updates, and software ecosystem affect device protection and data security.
Search across headline titles and summaries.
Background for this topic.
macOS is the desktop operating system for Mac computers. Its security model combines signed-code checks and notarization through Gatekeeper, built-in malware detection, application sandboxing, System Integrity Protection, and privacy controls that restrict access to files, cameras, microphones, and other sensitive resources. FileVault can encrypt the startup volume, reducing exposure if a device is lost, although it does not protect data from an attacker using an unlocked account.
For security teams, macOS is an endpoint whose risk depends on timely operating-system and application updates, configuration, and user permissions. Vulnerabilities in macOS components, browsers, or widely deployed software can enable code execution or privilege escalation, while malicious or over-permissioned applications may bypass intended isolation through user-approved access. Organizations should track supported versions, enforce updates and disk encryption through device management, limit administrative access, and preserve relevant logs for investigation; security controls and available telemetry can vary by macOS release and Mac hardware.
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. [...]
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
New ClickLock macOS stealer locked victims out of their own system until they surrendered a password
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits
Researchers at Jamf Threat Labs detail CrashStealer, which steals passwords, cryptocurrency wallets and more
New macOS infostealer CrashStealer uses a signed app to bypass Gatekeeper, steals credentials and wallets, then AES-encrypts stolen data. Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July, in-the-wild detections confirmed the malware had moved from development into active deployment. The malware is […]
A new macOS information-stealing malware called CrashStealer pretends to be Apple's crash-reporting tool to steal credentials, keychain data, and crypto wallets. [...]
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux Vibe Coded Extortion: Avalon’s Path from Legal Lure to CrownX Ransom Capabilities Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign RedWing: A […]