ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

ClickFix macOS campaign mounts DMGs via Terminal to deliver infostealer

Source headline: New macOS ClickFix attack silently mounts DMGs to push infostealer

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 1 hour ago

Intelligence Summary

A macOS ClickFix campaign uses Terminal commands to retrieve a malicious disk image. The disk image is mounted silently and then used to launch an infostealing payload. Victims are at risk of having sensitive data harvested from infected systems. The technique relies on user execution of the lure to start the command chain. Users should avoid unexpected DMG prompts and monitor for suspicious Terminal activity.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#clickfix #dmg #infostealer #macos #terminal
Original reporting BleepingComputer New macOS ClickFix attack silently mounts DMGs to push infostealer
Open original source

Related Pulse Signals

View all signals
Critical · Cybersecurity Xolis hit by phishing-driven data breach affecting 1.4 million individuals High · Cybersecurity Klue says a long-unused credential was stolen, enabling customer data breach High · Cybersecurity Scattered Spider defendants plead guilty as Transport for London case proceeds Critical · Cybersecurity Dify multi-tenant AI cloud leaks allow cross-tenant data access