‘macOS users may face real, sophisticated threats that don’t require exploits or elevated access to succeed’: ClickLock Stealer tries to trick Apple users into revealing their passwords



  • Group-IB discovers ClickLock, a new macOS-focused data stealer that uses aggressive social engineering by spamming password requests and closing key applications every 210 ms until victims comply
  • Once credentials are obtained, it exfiltrates browser data, crypto wallets, password manager entries, FTP settings, and device information via Telegram Bot API.
  • Active since May 2026, detected in 33 countries (mainly Europe), distributed through ClickFix campaigns and initially undetected by security vendors until recently.

Group-IB security researchers have discovered a new data stealer primarily targeting macOS users in Europe.

Dubbed ClickLock, it’s more of an annoying social engineering mechanism than a full-fledged malware variant, constantly displaying a login message on the victim’s device, until they finally comply and share the credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *