What Happened
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and when the victim cancels, installs two LaunchAgents and quietly exits. At the next login, Finder, the Dock, Spotlight, Terminal, Activity Monitor, and
Why It Matters
The article describes ClickLock Stealer, a new macOS infostealer that uses aggressive social engineering and process-killing behavior to coerce users into entering their login password into a fake prompt, then steals credentials, browser data, crypto wallet information, and Keychain contents, exfiltrating them to an attacker-controlled Telegram bot.[1][4][5] It is delivered via commands pasted into Terminal and persists via LaunchAgents so that, on next login, it repeatedly kills Finder, Dock, Spotlight, Terminal, Activity Monitor, and major browsers every 210 ms until a valid password is supplied.[1][2][3][4] From a RealGround perspective, this is not an AI-specific exploit but a sophisticated malware campaign that could be integrated into broader automated or AI-assisted attack workflows. The practical implication for AI security is that any AI-powered agents operating on endpoints, or orchestrating system automation, must be red-teamed to ensure they cannot be tricked into executing unvetted shell commands, installing persistence mechanisms, or assisting with coercive credential harvesting, making Continuous AI Red Teaming critical to test and harden such AI workflows ag
RealGround Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/07/new-clicklock-macos-stealer-kills-apps.html
