negativeSYS.SOURCE: The Hacker News• 2026-07-16T18:03:42+05:30
ClickLock macOS Stealer Uses App-Killing Loop to Extract Passwords
ClickLock macOS Stealer forces users to enter passwords by repeatedly killing system apps every 210ms, extracting sensitive data like Keychain credentials and crypto wallets. The malware uses LaunchAgent persistence and avoids detection through compromised hosts with no dedicated C2 infrastructure.
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits.
At the next login, Finder, the Dock, Spotlight, Terminal, Activity Monitor, and
*** END OF TRANSMISSION ***