1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Mac users beware experts say this attack 'stood out immediately'

    From TechnologyDaily@1337:1/100 to All on Thu Apr 9 18:30:26 2026
    Mac users beware experts say this attack 'stood out immediately' by making a major change to try spread malware

    Date:
    Thu, 09 Apr 2026 17:25:00 +0000

    Description:
    ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Hackers revive ClickFix attacks on macOS New method abuses Script Editor via URL scheme Campaign delivers Atomic Stealer
    to exfiltrate sensitive data Hackers are adding new twists to the old
    ClickFix attack to bypass recently introduced macOS protections and still deliver infostealer malware to peoples devices, experts have warned,

    Security researchers Jamf Threat Labs recently spotted one such campaign in the wild, having noted that so far, ClickFix attacks on macOS tried to get
    the victim to copy and paste a command into the Terminal. However, with macOS 26.4, this method no longer works, since the device scans all pasted commands before theyre executed - so, the miscreants got creative, and found a new point of entry - Script Editor. Article continues below You may like 'The prevailing wisdom used to be that macOS was at lower risk of malware
    infection compared to Windows...thats no longer the case': Experts warn Mac infostealers are on the rise - here's how to stay safe Microsoft warns ClickFix attacks targeting Windows Terminal to trick users into running malware 'macOS is becoming a more attractive target, and the tools attackers use are becoming more capable and more professional': Experts warn 'convincing' fake CleanMyMac installs target Apple users to empty crypto wallets Dropping AMOS Script Editor is a built-in macOS application that lets users write, edit, and run scripts to automate tasks and control apps. It supports AppleScript and JavaScript, allowing users to streamline certain actions without needing to create full software programs.

    To get victims to run Script Editor, the attackers used a URL scheme.

    Script Editor has a well-documented history as a malware delivery mechanism, so its presence here isn't surprising, the researchers wrote. What is notable is its role in this ClickFix campaign and the fact that it was invoked via a URL scheme.

    A URL scheme is a special type of link that uses a custom prefix to trigger specific actions. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    In the campaign, the crooks created a website that offered a way to reclaim disk space on a Mac. To do that, users would need to press the Execute button displayed on the page which invoked an applescript:// URL scheme. The scheme prompted the user to open Script Editor which, if approved, would run with a pre-filled script.

    This approach reduces direct user interaction, Jamf further said. The user is guided from a webpage into a pre-populated Script Editor window rather than entering commands in Terminal.

    The script would ultimately deploy Atomic Stealer, a known macOS infostealer capable of exfiltrating passwords, cryptocurrency wallet information, data stored in browsers , and more. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/mac-users-beware-experts-say-this-attac k-stood-out-immediately-by-making-a-major-change-to-try-spread-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)