Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script Editor and deliver an Atomic Stealer infostealer payload — bypassing Terminal ...

An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs.

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal.

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic Stealer. ClickFix malware campaigns are evolving again, with threat actors ...

North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social ...

A MacOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by ...

A malware campaign which targets macOS systems, distributed using a ClickFix attack, has evolved to exploit Script Editor as the execution vector rather than the typical Terminal-based point of ...

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.

North Korea's Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials ...

Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready ...

DMDE is an advanced data recovery tool that prioritizes control over user-friendly design. Here's how it performed in our ...