“macOS users may face real, sophisticated threats that don’t require exploits or elevated access to succeed”: ClickLock Stealer attempts to trick Apple users into revealing their passwords


  • Group‑IB discovers ClickLock, a new information stealer focused on macOS that uses aggressive social engineering by sending password prompts and terminating key applications every 210 ms until victims comply.
  • Once the credentials are obtained, it exfiltrates browser data, crypto wallets, password manager entries, FTP configurations and device information via the Telegram Bot API.
  • Active since May 2026, spotted in 33 countries (mainly Europe), distributed via ClickFix campaigns and initially undetected by security vendors until recently

Security researchers at Group-IB have discovered a new information stealer primarily targeting macOS users in Europe.

Dubbed ClickLock, it’s more of an annoying social engineering mechanism than a full-fledged malware variant, constantly displaying a login prompt on the victim’s device, until they finally comply and share the credentials.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top