ClickFix Campaign Evolves with Targeting of MacOS Users
ID: 0f67a1ea-7e8a-5985-a30b-1def4ab094ab
STIX ID: report--0f67a1ea-7e8a-5985-a30b-1def4ab094ab
Feed Name: The Cyber Express
ClickFix is an active macOS-focused social-engineering campaign that lures users into pasting malicious commands into Terminal or using Script Editor, which then deploy in-memory loaders or Mach-O droppers to install infostealers (Macsync, Shub Stealer, AMOS). The malware harvests Keychain entries, iCloud data, media, and crypto wallet keys, uses region-based kill switches to avoid CIS targets and researchers, and adapts to bypass Apple’s Terminal paste warnings; defenders are advised to monitor Terminal/osascript activity and protect credential stores.
