Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

New 'ClickLock' malware targets trusting Mac users via Terminal trick

A newly documented malware strain called ClickLock is tricking macOS users into pasting malicious commands into their Terminal. The social engineering campaign preys on trust and technical naivety, raising fresh security concerns for UK businesses and consumers.

  • ClickLock is a new stealer malware targeting macOS via social engineering.
  • Victims are tricked into copying and pasting a malicious text string into Terminal.
  • The malware can steal credentials, session tokens, and sensitive files from infected Macs.
  • UK businesses face increased risk from Mac-targeting malware as remote work persists.
  • The ICO and EU AI Act may influence how security tools detect such threats in future.

A newly identified strain of malware, dubbed ClickLock, is exploiting a combination of social engineering and macOS user trust to compromise systems. The attack relies on convincing users to copy a seemingly harmless text string and paste it into the macOS Terminal app, a powerful command-line tool that can execute system-level changes without further prompts.

Security researchers have documented the stealer malware as part of a broader trend of increasingly sophisticated attacks on Apple's ecosystem. The technique preys on users who may not fully understand the risks of running arbitrary commands in Terminal, often disguised as a 'fix' for a common problem or a way to unlock a hidden feature. Once executed, ClickLock can harvest saved passwords, browser session tokens, cryptocurrency wallets, and other sensitive data, transmitting it to remote servers controlled by attackers.

For UK businesses, the emergence of ClickLock underscores a growing blind spot in cybersecurity strategies. While Windows-based threats remain dominant, the rising adoption of Macs in enterprise and remote work settings — particularly among creative and tech professionals — makes them an increasingly attractive target. "Mac users have long enjoyed a reputation for being safer from malware, but that very confidence is now being weaponised," said a cybersecurity analyst familiar with the threat. "ClickLock shows that social engineering, not just technical vulnerability, is the primary vector."

The UK's Information Commissioner's Office (ICO) has not yet issued specific guidance on ClickLock, but the attack highlights the ongoing tension between user convenience and security. Under the EU AI Act, which has extraterritorial implications for UK firms handling EU data, security tools that rely on AI to detect anomalous command-line behaviour may need to meet new transparency and risk management standards. This could affect how British cybersecurity vendors develop and deploy protective software.

Consumers are advised to treat any unsolicited instruction to paste text into Terminal with extreme caution, even if it appears to come from a trusted source. Organisations should consider restricting Terminal access for non-administrative users and reinforcing training on social engineering tactics. As malware authors continue to refine their techniques, the line between a helpful tip and a malicious payload grows ever thinner.

Why this matters: ClickLock represents a targeted threat to the growing number of UK Mac users, many of whom may not be aware that macOS is now a prime target for sophisticated cybercriminals. The attack method — social engineering via Terminal — bypasses traditional antivirus defences and exploits human trust.

What this means for you: What this means for you: If you use a Mac, never paste commands into Terminal unless you are absolutely certain of their origin and effect. This attack can steal your passwords, bank details, and personal files without any obvious warning signs.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.