RST TI Report Digest: 11 May 2026

**ClickFix campaign uses fake macOS utilities lures to deliver infostealers** — Microsoft observed a macOS-targeted campaign that tricks users into running malicious shell commands to download and execute infostealers (SHub Stealer and AMOS); the malware harvests bash history, browser credentials, Keychain data and cryptocurrency wallet information, can persist via LaunchAgents, removes temporary traces, and the report includes extensive IOCs (IPs, domains, URLs, and SHA-256 hashes).