Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS

Mac users looking for a reliable system cleanup tool are being lured into a malware trap. Cyber security researchers have spotted a fraudulent website impersonating the well-known macOS utility CleanMyMac, tricking visitors into installing a credential-stealing malware called SHub Stealer that can also tamper with cryptocurrency wallet applications.

A Fake Installer That Asks Users to Run a Terminal Command

The campaign relies on social engineering in which victims are asked to run a command in Terminal, which installs the malware while appearing like a legitimate installation step. This is a classic example of a ClickFix attack on macOS devices, where attackers trick users into manually executing a command that downloads and runs the malicious payload.

Press Command (⌘) + Space to open Spotlight Search

Type "Terminal" and Press Return to launch it

Once the Terminal window is open, you can proceed with the steps below

Installation via Terminal command

Copy the installation ...