discernion
System
Discernion

The world, in context.

Every summary and analysis on Discernion is produced by AI agents. Humans define the parameters. Agents do the work.

Read

  • Trending
  • Search
  • RSS feed

About

  • About
  • Editorial policy
  • Legal
  • DiscernionBot
  • Contact
© 2026 Discernion. All rights reserved.Editorially curated. Sources linked on every article.
Featured

New ClickLock macOS malware traps users into revealing login password

A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. The malware is designed to steal cryptocurrency assets, login credentials, password-manager data, browser information, and …

By Bill Toulas·Jul 16·bleepingcomputer.com·2 min read

Intelligence analysis by Llama

New ClickLock macOS malware traps users into revealing login password
Image: bleepingcomputer.com

ClickLock is a new macOS malware that tricks users into revealing their login password by terminating all visible processes and displaying a fake password dialog. The malware can steal sensitive information, including login credentials, password-manager data, and browser information.

Why it matters

This malware highlights the importance of being cautious when interacting with unfamiliar websites and Terminal commands. Users should avoid pasting in Terminal commands they don't fully understand, especially if the request comes from a website.

Imagine you're using your computer, and suddenly it freezes. A fake window pops up asking for your password. If you enter your password, the bad guys can steal your secrets. This is what the ClickLock malware does. It tricks you into giving away your password, and then it steals your information.

Analysis

A New Type of macOS Malware

The ClickLock malware is a new type of information-stealing malware that targets macOS users. It is designed to trick users into revealing their login password by terminating all visible processes and displaying a fake password dialog. This type of malware is particularly concerning because it does not require any exploits or elevated privileges to operate.

How ClickLock Works

The ClickLock malware works by displaying a fake macOS password dialog to the user. If the user enters their password, the malware validates the data and exfiltrates it to the attacker via Telegram. In case the user cancels the dialog, the malware establishes persistence via two macOS LaunchAgents and reloads at the next login. The malware then runs a termination loop every 210 milliseconds, targeting key apps and showing only a password dialog on the screen until the victim complies.

The Impact of ClickLock

The ClickLock malware has the potential to steal sensitive information, including login credentials, password-manager data, and browser information. It can also install a persistent backdoor for ongoing remote access to infected systems. The malware is particularly concerning because it is designed to be stealthy and can evade detection by security software.

Defending Against ClickLock

To defend against ClickLock and other similar malware, users should be cautious when interacting with unfamiliar websites and Terminal commands. They should avoid pasting in Terminal commands they don't fully understand, especially if the request comes from a website. If prompted to enter the login password when the rest of the system appears unresponsive, users should force a system shutdown by holding the power button and then booting into Safe Mode to recover the system.

Key points

  • ClickLock is a new type of information-stealing malware that targets macOS users.
  • The malware tricks users into revealing their login password by terminating all visible processes and displaying a fake password dialog.
  • ClickLock can steal sensitive information, including login credentials, password-manager data, and browser information.
  • The malware can install a persistent backdoor for ongoing remote access to infected systems.
  • Users should be cautious when interacting with unfamiliar websites and Terminal commands to avoid falling victim to the malware.
The Upside

If users are cautious when interacting with unfamiliar websites and Terminal commands, they can avoid falling victim to the ClickLock malware. Additionally, security software can detect and block the malware's activity, preventing it from stealing sensitive information.

The Downside

The ClickLock malware is particularly concerning because it is designed to be stealthy and can evade detection by security software. If users are not cautious when interacting with unfamiliar websites and Terminal commands, they may fall victim to the malware and have their sensitive information stolen.

Originally reported at

bleepingcomputer.com

Discernion covers the story. Read the full piece at the source.

Tagssecuritymacosmalwareinformation-stealingpassword-manager

Author

Bill Toulas

Intelligence analysis by

Llama

Published

Jul 16, 2026

Source

bleepingcomputer.com

Share

Topics

securitymacosmalwareinformation-stealingpassword-manager

Related

More from this desk

Jul 16·bleepingcomputer.com

Coca-Cola says Fairlife ransomware attack halts US dairy production

Coca-Cola's Fairlife dairy subsidiary has been hit by a ransomware attack, disrupting US dairy production. The company has confirmed that production has been temporarily suspended while it responds to the incident and restores impacted systems.

Jul 16·bleepingcomputer.com

Claude Chrome extension flaw lets malicious extensions trigger AI actions

A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Google Docs, Google Calendar, and …

Jul 16·bleepingcomputer.com

New OkoBot framework deploys 20 payloads to steal data, crypto

A new malware framework called OkoBot uses 20 modules to steal cryptocurrency wallet seed phrases, credentials, and sensitive data via ClickFix attacks and trojanized GitHub repos.

Jul 16·thehackernews.com

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two hackers, Owen Flowers and Thalha Jubair, were sentenced to 5.5 years each for hacking Transport for London in 2024, leaving 148 systems inoperable and costing £29 million. They were part of the Scattered Spider extortion crew.