clickfix: 2 articles
FBI Director's Merch Site Is Serving Malware to macOS Users
FBI Director Kash Patel's merchandise website, BasedApparel.com, was found hosting a "ClickFix" malware attack that tricks macOS users into running a malicious command by disguising it as a Cloudflare human-verification process. Victims are prompted to copy what appears to be a simple verification code, but the clipboard actually receives a hidden obfuscated command that, when run in Terminal, executes a script designed to steal browser credentials and cryptocurrency wallet data. The attack likely resulted from hackers compromising the site, and the malicious payload was flagged by 27 antivirus engines as a Trojan/infostealer.
Reaper Malware Hits macOS: Steals Passwords, Drains Crypto Wallets, Then Quietly Moves In
A new macOS malware variant called Reaper, an updated version of the SHub stealer, targets users by spoofing trusted domains like Apple, Microsoft, and Google to steal passwords, cryptocurrency wallet credentials, and sensitive files. Unlike earlier versions, it bypasses Apple's Terminal entirely by using macOS Script Editor to execute its malicious payload, circumventing defences added in macOS Tahoe 26.4. The malware also establishes persistent backdoor access by disguising itself as a Google Software Update process, allowing attackers to remotely execute code on compromised machines every 60 seconds.