216.73.216.226

ClickFix Malware Uses macOS Script Editor to Deliver Atomic Stealer

· Published 08/04/2026 16:49 · Modified 08/04/2026 16:31

Export JSON

Essential information

Published
08/04/2026 16:49
Modified
08/04/2026 16:31
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
applescript atomicstealer clickfix infostealer macos
Tags
2026-04-08 applescript atomicstealer clickfix infostealer macos
Related entities
5 indicators, 5 observables, 1 techniques (mitre), 2 malware, 1 others

Description

Jamf Threat Labs discovered a -style attack that abuses the :// URL scheme to launch Script Editor and deliver an Atomic Stealer payload — bypassing Terminal entirely.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

External references