• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

Risk Actors Use Clickfix Techniques to Deploy Malicious AppleScripts for Stealing Login Credentials

Admin by Admin
June 27, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


In a latest discovery by the CYFIRMA analysis group, a complicated malware marketing campaign dubbed Odyssey Stealer has been uncovered, focusing on macOS customers by way of a misleading technique referred to as Clickfix techniques.

This marketing campaign leverages typosquatted domains malicious web sites mimicking legit ones just like the macOS App Retailer, finance platforms, or cryptocurrency information portals to trick customers into executing dangerous AppleScripts (osascripts).

 Clickfix Tactics
macOS App Retailer area

These scripts are engineered to reap delicate knowledge, together with browser cookies, saved passwords, cryptocurrency pockets data, and browser extensions, posing a extreme risk to people, significantly these engaged in monetary and crypto actions.

– Commercial –
Google News

Odyssey Stealer Targets macOS Customers

The operation, linked to a command-and-control (C2) panel primarily hosted in Russia, showcases a professional-grade knowledge theft mechanism that prioritizes Western customers in america and the European Union whereas avoiding victims in CIS international locations, a sample usually related to Russian-aligned cybercriminal teams.

The Clickfix approach begins with the creation of visually related or typosquatted domains designed to use consumer typing errors.

Upon visiting these malicious websites, customers are greeted with a faux Cloudflare-style CAPTCHA immediate, accompanied by directions to repeat and paste a Base64-encoded command into their terminal.

In response to Cyfirma, this command fetches and executes a non-obfuscated osascript from servers like odyssey1[.]to or particular IP addresses, triggering a cascade of malicious actions.

 Clickfix Tactics
osascript

Finance and Crypto Lovers at Excessive Danger

The script creates a brief listing, akin to /tmp/lovemrtrump, to retailer stolen knowledge, copies macOS Keychain recordsdata for credential theft, and deploys faux authentication prompts to seize consumer passwords.

It additional targets desktop cryptocurrency wallets like Electrum, Coinomi, and Exodus, alongside browser knowledge from Chrome, Firefox, and Safari, extracting non-public keys, seed phrases, session tokens, and private recordsdata from Desktop and Paperwork folders.

The stolen knowledge is then compressed right into a ZIP file (out.zip) and exfiltrated by way of a curl POST request to attacker-controlled servers, with persistent retry mechanisms making certain supply even underneath intermittent community circumstances.

Odyssey Stealer, a rebranded evolution of Poseidon Stealer and a fork of the AMOS Stealer, demonstrates superior capabilities within the macOS malware-as-a-service ecosystem.

Its management panel gives attackers a structured interface to handle contaminated units, customise malware builds, and hijack browser classes utilizing stolen cookies.

The malware’s give attention to over 100 browser extensions, significantly cryptocurrency-related ones like MetaMask, underscores its intent to maximise monetary achieve.

To fight this risk, organizations and people should undertake sturdy endpoint safety options, implement risk intelligence, and configure firewalls to dam recognized malicious IPs and domains.

Steady community monitoring, behavior-based anomaly detection, and safety consciousness coaching are crucial to mitigating dangers from such social engineering assaults.

As Odyssey Stealer continues to evolve underneath the suspected upkeep of “Rodrigo,” a key determine behind Poseidon and AMOS, vigilance and adaptive defenses stay paramount.

Indicators of Compromise (IoC)

Indicator Remarks
appmacosx[.]com Malicious area
financementure[.]com Malicious area
cryptoinfo-news[.]com Malicious area
odyssey1[.]to Odyssey C2 Panel
45[.]135.232.33 Odyssey C2 Panel
a0bdf6f602af5efea0fd96e659ac553e0e23362d2da6aecb13770256a254ef55 Apple Script
Tags: ActorsAppleScriptsClickfixcredentialsDeployLoginMaliciousStealingtacticsthreat
Admin

Admin

Next Post
Stefania Druga on Designing for the Subsequent Technology – O’Reilly

Stefania Druga on Designing for the Subsequent Technology – O’Reilly

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

May 17, 2025
Reconeyez Launches New Web site | SDM Journal

Reconeyez Launches New Web site | SDM Journal

May 15, 2025
Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

May 18, 2025
Flip Your Toilet Right into a Good Oasis

Flip Your Toilet Right into a Good Oasis

May 15, 2025
Apollo joins the Works With House Assistant Program

Apollo joins the Works With House Assistant Program

May 17, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

How authorities cyber cuts will have an effect on you and your enterprise

How authorities cyber cuts will have an effect on you and your enterprise

July 9, 2025
Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

July 9, 2025
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved