SecurityWeek

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.
Mactrast

ClickFix-Style macOS Attack Abuses Applescript:// URL Scheme to Deliver Infostealer Payload

Jamf Threat Labs, a team of Mac and mobile security experts, have identified a new ClickFix-style attack that ditches the ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...

Mac users beware — experts say this attack stood out immediately by making a major change

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest protections and streamlines the attack.
Arabian Post

Script Editor becomes Mac malware gateway

When a victim clicks an “Execute” button, the site calls the applescript:// URL scheme, prompting the browser to open Script Editor with malicious code already filled in. That removes the need for the ...