ClickFix Malware Targets Mac Users with Fake CAPTCHA Scam

ClickFix, a growing social engineering threat that first surfaced in early 2024, is now targeting macOS users in a newly discovered campaign that delivers Atomic macOS Stealer (AMOS)—a potent piece of malware capable of harvesting sensitive data from Apple systems.

Evolving Tactics: From Windows to macOS

Previously seen exploiting Windows users through fake CAPTCHA prompts, ClickFix tricks individuals into unwittingly installing malware by copying and running malicious commands. Now, researchers at CloudSEK have found that the same tactic has been adapted for Apple devices.

In this latest campaign, attackers impersonate Spectrum, a well-known U.S. telecom provider. Victims are lured to fraudulent support websites which closely mimic real Spectrum domains. Once on the site, users encounter what appears to be a legitimate CAPTCHA verification.

After “failing” the CAPTCHA, they are prompted to try an “Alternative Verification.” This process secretly copies a malicious shell command to the user’s clipboard, instructing them to paste it into macOS Terminal—effectively installing the malware themselves.

“It’s a textbook example of social engineering,” CloudSEK analysts wrote.

“The attacker doesn’t break in - they trick the user into opening the door.