ClickFix Malware Campaign Targets Mac Users with Sensitive Data Theft

A new malware campaign targeting Mac users has been uncovered, using fake troubleshooting guides to install malicious software.

The campaign, dubbed ClickFix, was discovered by Microsoft's Defender Security Research Team and started in late 2025. It preys on users searching for help with common problems like freeing up disk space or fixing system errors.

The attackers post fake macOS troubleshooting guides on platforms such as Medium, Craft, and Squarespace, which instruct users to copy a command and paste it into Terminal. This command downloads and runs malware directly in the user's computer, bypassing security measures like Gatekeeper.

Researchers identified three types of malware families involved: AMOS, Macsync, and SHub Stealer. These malware steal sensitive data such as iCloud and Telegram account information, private documents, photos, crypto wallet keys, and saved usernames and passwords from Chrome and Firefox.