macOS users are no longer sitting safely on the sidelines of ClickFix attacks. Researchers at ANY.RUN uncovered a social-engineering campaign targeting macOS users that attempts to trick targets into running malicious commands.
Since March 2024, ClickFix has spread from petty cybercrime to state-backed espionage, tricking hundreds of victims with malicious commands disguised as fake PC fixes or CAPTCHAs.
In research published Tuesday, ANY.RUN outlined how attackers bought Google ads tied to popular AI development tools and redirected victims to fake documentation pages designed to look legitimate.
The campaign targeted users of tools including Claude Code, Grok, n8n, NotebookLM, Gemini CLI, OpenClaw and Cursor.
“Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want to reach,” the ANY.RUN team explained.
Once on the spoofed page, victims are hit with a ClickFix-style prompt that tells them to run a terminal command, which then downloads an obfuscated script that installs the AMOS stealer malware. (ANY.RUN)
“Engineers, product leads, finance teams, and the C-suite are disproportionately Mac users. They have access to source code repositories, financial systems, privileged cloud credentials, and sensitive business data.”
If a user enters and runs the terminal command, they are then sent through a series of redirects that ultimately result in the download and execution of an information-stealing malware known as AMOS Stealer.
Once infected, the AMOS Stealer malware escalates to root privileges, steals browser credentials and session cookies from Chrome, Safari and Firefox, harvests passwords from the macOS Keychain, pilfers files from common user folders, and installs a persistent backdoor.
ClickFix is the lure; AMOS is the payload; the backdoor is what AMOS installs for persistence and remote access, researchers said.
“This backdoor… [gives] attackers real-time, hands-on control of the compromised Mac,” they said.
Researchers note the backdoor evolved from simple command polling into an interactive reverse shell over WebSocket with PTY support, giving attackers hands-on control of the compromised Mac.
While macOS malware is far from new, such attacks rarely make the news. Windows exploits and malware are far more common and are seen by threat actors as low-hanging fruit compared to Apple’s smaller market share.
The researchers say that this attack is particularly insidious because it doesn’t rely on a careless end user, a phishing email, or an unpatched vulnerability.
Instead, the “[bait] was a search engine result, a paid advertisement, and a trusted AI interface. Employees were not behaving carelessly; they were using the same research tools they use every day to get work done,” researchers said.

Shaun Nichols is an IT news journalist. He has spent nearly 20 years covering the industry with a specialty in the cybersecurity