'The prevailing wisdom used to be that macOS was at lower risk of malware infection compared to Windows...that’s no longer the case': Experts warn Mac infostealers are on the rise - here's how to stay safe

• Sophos warns of multiple macOS ClickFix campaigns
• Fake AI tools, ChatGPT conversations, and Apple site used to spread MacSync infostealer
• Latest variant employs loaders, AppleScript, and in‑memory execution for stealth

Security researchers have warned of a rise in ongoing malware campaigns targeting macOS users, leveraging malicious ads, legitimate hosting services, brand impersonation, fake ChatGPT conversations, and a little bit of old-fashioned social engineering to infect the victims.

A new report from Sophos claims there were at least three distinct ClickFix campaigns running over the last three months. ClickFix is a known method, in which crooks would present users with a fake problem and, at the same time, offer a solution - which can be anything from a fake CAPTCHA to a “locked” document.

Whatever it is, “solving” the problem requires running a Terminal command which downloads and installs the MacSync infostealer.

Article continues below