macOS users are targeted in a fresh ClickFix campaign that uses a Cloudflare-themed verification page to deliver a Python-based information stealer, Malwarebytes reports.
The attack starts with a fake CAPTCHA page that serves a legitimate-looking Cloudflare human verification page asking visitors to paste and execute a command in Terminal.
Referred to as ClickFix, the technique relies on social en...
The ClickFix campaign targeting macOS users is a clear example of how threat actors are refining their social engineering tactics to exploit trust in legitimate services like Cloudflare. The use of a fake verification page to trick users into executing malicious commands is a well-worn technique, but its adaptation to macOS—with tailored instructions and native binary compilation—shows a sophisticated evolution. The malware’s ability to evade detection by compiling Python into native code and it...