New macOS ClickFix attack silently mounts DMGs to push infostealer
A novel macOS ClickFix attack has been discovered that silently mounts DMG files to push infostealer malware. The attack leverages a technique that mounts disk images without the usual user-visible prompts, allowing malware to be installed stealthily. By exploiting user interaction, the attack bypasses macOS security mechanisms that typically warn users before mounting external volumes. This method enables attackers to deliver infostealer payloads that can steal sensitive data from compromised systems. The attack highlights a growing trend of sophisticated social engineering combined with technical exploits targeting macOS users.
// why it matters
macOS users face stealthy malware delivery that bypasses standard security warnings.