A newly identified strain of malware, dubbed ClickLock, is exploiting a combination of social engineering and macOS user trust to compromise systems. The attack relies on convincing users to copy a seemingly harmless text string and paste it into the macOS Terminal app, a powerful command-line tool that can execute system-level changes without further prompts.
Security researchers have documented the stealer malware as part of a broader trend of increasingly sophisticated attacks on Apple's ecosystem. The technique preys on users who may not fully understand the risks of running arbitrary commands in Terminal, often disguised as a 'fix' for a common problem or a way to unlock a hidden feature. Once executed, ClickLock can harvest saved passwords, browser session tokens, cryptocurrency wallets, and other sensitive data, transmitting it to remote servers controlled by attackers.
For UK businesses, the emergence of ClickLock underscores a growing blind spot in cybersecurity strategies. While Windows-based threats remain dominant, the rising adoption of Macs in enterprise and remote work settings — particularly among creative and tech professionals — makes them an increasingly attractive target. "Mac users have long enjoyed a reputation for being safer from malware, but that very confidence is now being weaponised," said a cybersecurity analyst familiar with the threat. "ClickLock shows that social engineering, not just technical vulnerability, is the primary vector."
The UK's Information Commissioner's Office (ICO) has not yet issued specific guidance on ClickLock, but the attack highlights the ongoing tension between user convenience and security. Under the EU AI Act, which has extraterritorial implications for UK firms handling EU data, security tools that rely on AI to detect anomalous command-line behaviour may need to meet new transparency and risk management standards. This could affect how British cybersecurity vendors develop and deploy protective software.
Consumers are advised to treat any unsolicited instruction to paste text into Terminal with extreme caution, even if it appears to come from a trusted source. Organisations should consider restricting Terminal access for non-administrative users and reinforcing training on social engineering tactics. As malware authors continue to refine their techniques, the line between a helpful tip and a malicious payload grows ever thinner.