A new piece of malware called ClickLock Stealer is targeting macOS users by disabling their computers until they provide their login passwords [1].
This threat represents a significant shift in social engineering, as it uses system instability to coerce users into handing over credentials rather than relying solely on deceptive emails or websites [2].
The malware operates by repeatedly killing essential macOS processes [1]. This action causes the system to become unstable and prevents the user from utilizing their computer normally [3]. As the system crashes, ClickLock Stealer displays a persistent login prompt that mimics a legitimate system request [2].
Victims are led to believe that entering their password is the only way to regain control of their device [1]. Once the user enters the credentials into the fake box, the malware captures the password and sends it to the attackers [2].
The attackers use this method to steal login credentials and potentially other sensitive data stored on the machine [1]. Reports said the malware was first identified in early 2024 [1], [2].
Security researchers said that the malware may also use deceptive elements, such as fake Cloudflare CAPTCHAs, to further trick users during the infection process [3]. Because the malware targets the core functionality of the operating system, users may find it difficult to remove the threat without specialized tools or a full system reset [2].
“ClickLock Stealer repeatedly kills essential macOS processes”
The emergence of ClickLock Stealer highlights a trend toward 'denial-of-service' style social engineering. By creating a state of urgency and frustration through intentional system crashes, attackers can bypass the skepticism users typically have toward phishing prompts. This forces a psychological state where the victim prioritizes restoring functionality over security caution.



