Cyber Warfare · Today's Signal

ClickLock: the macOS malware that just asks nicely for your password

Published 2026-07-16 · SAL Cyber Command Intelligence Network
ClickLock: the macOS malware that just asks nicely for your password

A new macOS malware family dubbed ClickLock has been identified by BleepingComputer and The Hacker News, using a trick that gets users to voluntarily type in their own login password. Rather than exploiting a technical flaw, ClickLock reportedly manipulates the interface so a victim believes they're completing a routine system action, when in fact they're handing credentials directly to the attacker. Both outlets frame this as a stealer variant built specifically for Mac users, a population long assumed by many small business owners to be relatively safe from mainstream malware.

This is the pattern security researchers have been flagging across platforms for two years now: attackers increasingly skip the exploit and go straight for the human. macOS's reputation as "safer than Windows" was always really a statement about market share and technical hardening, not about users' susceptibility to social engineering. ClickLock fits a broader shift where credential theft, whether via fake login prompts, cloned system dialogs, or macOS-specific gatekeeper bypass tricks, is cheaper and more scalable for criminals than finding zero-days. It also tracks with an uncomfortable trend: Mac-focused malware has grown steadily as Macs have become standard-issue in startups and finance teams, precisely the users who assume they're not a target.

The SAL read: if your team runs Macs and assumes that alone makes them safe, ClickLock is your reminder that the operating system was never the perimeter, your employees' click habits are.

Sources: BLEEPINGCOMPUTER · THE HACKER NEWS
SAL SENTRY — your private AI security operations center.24/7 watch on network, cloud, endpoints, and email. Flat $999/mo. Live in 48 hours.