New ClickLock macOS malware traps users into revealing login password

New ClickLock macOS malware traps users into revealing login password
ClickLock is a new macOS info-stealer that uses fake Cloudflare verification and forced password prompts to steal credentials, cryptocurrency data, browser information, and macOS authentication data. Group-IB found it has already affected at least 100 systems in 33 countries and can also install a persistent GSocket backdoor for remote access. #ClickLock #GroupIB #GSocket

Keypoints

  • ClickLock targets macOS users with a fake verification flow and malicious Terminal commands.
  • The malware forces repeated password prompts by terminating visible system processes.
  • It steals browser data, wallet information, credentials, and macOS authentication data.
  • ClickLock can establish persistence through LaunchAgents and related startup mechanisms.
  • The final payload uses GSocket to provide attackers with a persistent remote backdoor.

Read More: https://www.bleepingcomputer.com/news/security/new-clicklock-macos-malware-traps-users-into-revealing-login-password/