🟡 Medium | Source: The Register — Security
A newly documented macOS information-stealing malware called ClickLock uses social engineering to trick users into copying and pasting malicious commands into their Terminal, granting the malware elevated access. The technique requires no technical exploit — it relies entirely on convincing the victim to run the payload themselves. This makes it particularly difficult to block with traditional endpoint controls, as the user is the attack vector.
Security Architect’s Take: Enforce endpoint controls that restrict Terminal and shell execution to authorised users via MDM policies, and ensure macOS fleet monitoring captures shell command telemetry. Consider user awareness training specifically covering ‘paste-and-run’ social engineering tactics, which are increasingly common on both macOS and Windows.
Original advisory: C’mon, just copy this text string and paste it into your macOS Terminal – it’ll fix your computer, honest