New Mac malware pretends to be a login box that won’t go away

Summary created by Smart Answers AI
In summary:
- Macworld reports on ClickLock Stealer, a new macOS malware discovered by Group-IB that locks Mac systems until users enter their login password, then steals sensitive data.
- The malware targets users through fake Cloudflare CAPTCHA prompts and Terminal commands, primarily affecting high-income regions including Italy, U.S., Jordan, and U.K.
- It aggressively steals browser credentials, crypto wallet data, and password manager information while disabling applications to force password entry and complete installation.
Security researcher Group-IB has discovered new Mac malware that it has dubbed ClickLock Stealer. As part of the installation of ClickLock Stealer, the installer will essentially lock your Mac until a login password is entered in a persistent window. Once a password is entered, the malware is installed and covertly captures data: browser credentials, crypto wallet extensions, desktop wallet files, password manager data, and more.
Users are targeted by threat agents using a fake Cloudflare CAPTCHA that persuades users to copy and paste a command in the Terminal of macOS. Once the installation is triggered, malware components are installed on the Mac while a fake Cloudflare progress window is displayed.
However, if a user trying to cancel the installation in progress, the malware then kills “every visible application every 210 milliseconds, leaving only a password dialog on screen until the user is forced to comply,” according to Group-IB.
The report also states that the highest number of users targeted are located in Italy, the U.S., Jordan, and the U.K. “The geographic distribution is consistent with a financially-motivated campaign targeting users in high-income regions where cryptocurrency adoption and macOS market share are both elevated,” said Group-IB.
How to protect yourself from malware
The easiest way to protect yourself from malware is to avoid downloading software from unfamiliar download sites. Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from an entity that you do business with, check the sender’s email address and inspect the URL carefully. If you see a link or button, you can Control-click it, select Copy Link Address, and then paste it into a text editor to see the actual URL to check it there.
Apple has vetted software in the Mac App Store, and it is the safest way to get apps. If you prefer not to patronize the Mac App Store, then buy software directly from the developer and their website. If you insist on using cracked software, you will always risk malware exposure.
Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.