Back
Developing· Apple· Published Jul 18, 2026

New macOS ClickFix Campaign Targets AppleScript Stealers

9to5Mac reported that Netskope Threat Labs has spotted a macOS ClickFix campaign using social engineering to get victims to run an AppleScript-based info stealer and a persistent remote access trojan. The outlet says the attack is designed to slip past built-in protections by targeting users directly.

Developing62/100
+5 today
Credible lead
How is confidence evaluated?
AI summary

According to 9to5Mac, a newly described macOS campaign is abusing user trust rather than technical exploits to compromise Apple systems. The report centers on an AppleScript-driven payload and a lingering remote access component.

Why this matters

This is a reminder that Macs can still be targeted through deception even when platform security is strong. For Apple users and IT teams, the story underscores the need for extra caution around prompts, downloads, and unexpected instructions.

Confidence reason

The source text explicitly describes a Netskope Threat Labs report and a macOS ClickFix campaign, but it does not provide extra specifics beyond the attack type and payloads.

Evidence
  • 9to5MacPrimary
    Apple @ Work: New macOS ClickFix malware brings a new potential backdoor to your enterprise fleet - 9to5Mac
    Bradley C
    "Apple @ Work is exclusively brought to you by Mosyle , the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional grade platform all the "
    Open original source

Recommended signals

Recommended from Apple topics and recent confidence changes