Return to Threats

‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing

securityweek.com 2026-07-16 malicious AI use High

What Happened

The new macOS malware has targeted at least 100 users to steal their passwords and cryptocurrency. The post ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing appeared first on SecurityWeek .

Why It Matters

The article describes ClickLock Stealer, a new macOS infostealer that spreads via social engineering, convincing users to paste a command into Terminal that deploys malware able to steal passwords, browser credentials, and cryptocurrency wallet data from at least 100 victims.[1][2] The stealer uses persistent LaunchAgents, fake system dialogs, and aggressive app-killing loops to coerce users into providing their macOS login password, bypassing expected security UX rather than exploiting traditional vulnerabilities.[1][2][6] From a RealGround perspective, this highlights how human-facing social engineering and OS-level automation can be repurposed to coerce credentials that later may be used to access or operate AI systems, developer environments, or cloud platforms. Organizations should continuously red-team AI-related workflows against similar social engineering and credential-stealing techniques and include these macOS infostealer patterns in CISO-level threat models for AI infrastructure and agent operators.

Healthcare Fintech SaaS SMB AI startups

RealGround Analysis

This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/clicklock-stealer-bypasses-macos-security-with-social-engineering-process-killing/

Talk to AI CISO