Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script ...

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest protections and streamlines the attack.

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

OS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script ...

When a victim clicks an “Execute” button, the site calls the applescript:// URL scheme, prompting the browser to open Script Editor with malicious code already filled in. That removes the need for the ...

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic Stealer. ClickFix malware campaigns are evolving again, with threat actors ...

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.

An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs.

Jamf Threat Labs, a team of Mac and mobile security experts, have identified a new ClickFix-style attack that ditches the ...

A MacOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by ...