{"id":14586,"date":"2026-05-09T00:31:38","date_gmt":"2026-05-09T00:31:38","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=14586"},"modified":"2026-05-09T00:31:38","modified_gmt":"2026-05-09T00:31:38","slug":"pretend-macos-troubleshooting-websites-used-to-steal-icloud-knowledge-in-clickfix-rip-off","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=14586","title":{"rendered":"Pretend macOS Troubleshooting Websites Used to Steal iCloud Knowledge in ClickFix Rip-off"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>Microsoft Defender Safety Analysis Staff has recognized a brand new marketing campaign designed to achieve unauthorised entry to Apple computer systems with a social engineering trick known as <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/clickfix-scam-users-mapping-hacker-controlled-drives\/\">ClickFix<\/a>. This methodology has grow to be a most popular selection for scammers these days, as Hackread.com has been monitoring the rising pattern of those assaults. <\/p>\n<p>The brand new analysis from Microsoft provides to those observations, exhibiting how the method is getting used to evade conventional safety and steal high-value knowledge from unsuspecting customers.<\/p>\n<h3 id=\"the-trap-of-fake-troubleshooting\" class=\"wp-block-heading\"><strong>The lure of faux troubleshooting<\/strong><\/h3>\n<p>This marketing campaign begins with tricking people who find themselves in search of assist with their <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/malicious-google-ads-mac-fake-mac-cleaner\/\" data-type=\"link\" data-id=\"https:\/\/hackread.com\/malicious-google-ads-mac-fake-mac-cleaner\/\">MacBooks<\/a>. In response to Microsoft\u2019s analysis, since late 2025 and all through early 2026, scammers have been tricking individuals with faux troubleshooting guides on websites like Medium, Craft, and Squarespace, which promise to repair a standard drawback, like needing to release disk house or repair a system error. <\/p>\n<p>As a substitute of providing a obtain, the websites provide a command, claiming it&#8217;s a system utility or a fast repair, and the person has to repeat and paste the code into their Mac\u2019s Terminal. \u201cSome websites current this data in a number of languages. As of this writing, these web sites that we\u2019ve noticed are both already down or have been reported,\u201d researchers famous within the <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/06\/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers\/\">weblog submit<\/a>.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Mac-Users-Targeted-in-New-ClickFix-Campaign-with-Fake-Troubleshooting-Guides.png\"><img loading=\"lazy\" decoding=\"async\" width=\"608\" height=\"626\" src=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Mac-Users-Targeted-in-New-ClickFix-Campaign-with-Fake-Troubleshooting-Guides.png\" alt=\"\" class=\"wp-image-145040\" srcset=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Mac-Users-Targeted-in-New-ClickFix-Campaign-with-Fake-Troubleshooting-Guides.png 608w, https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Mac-Users-Targeted-in-New-ClickFix-Campaign-with-Fake-Troubleshooting-Guides-291x300.png 291w, https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Mac-Users-Targeted-in-New-ClickFix-Campaign-with-Fake-Troubleshooting-Guides-380x391.png 380w\" sizes=\"auto, (max-width: 608px) 100vw, 608px\"\/><\/a><figcaption class=\"wp-element-caption\">Pretend troubleshooting guides (Supply: Microsoft)<\/figcaption><\/figure>\n<\/div>\n<p>As quickly because the command is run, your Mac secretly downloads malware like <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/amos-stealer-variant-safari-cookies-crypto-wallets\/\">AMOS<\/a> (Atomic macOS Stealer), <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/clickfix-attack-devs-macsync-malware-fake-claude-tools\/\">Macsync<\/a>, or <a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/fake-cleanmymac-site-clickfix-shub-stealer-macos\/\">SHub Stealer<\/a>. And, because you ran the command your self, the Mac\u2019s regular safety checks, similar to Gatekeeper, are skipped. <\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/osxdok-malware-hits-macs-bypasses-apple-gatekeeper\/\" data-type=\"post\" data-id=\"55257\">Gatekeeper<\/a> normally solely inspects app bundles and disk pictures, so it trusts the person\u2019s direct command. The malware then reveals a faux field asking for a system password to put in a helper instrument. If offered, the hackers achieve full entry to information and settings.<\/p>\n<h3 id=\"what-the-hackers-are-after\" class=\"wp-block-heading\"><strong>What the hackers are after<\/strong><\/h3>\n<p class=\"is-style-default\">The target behind these scams is to acquire as a lot personal data as attainable. On this specific marketing campaign, the malware particularly targets:<\/p>\n<ul class=\"wp-block-list is-style-cnvs-list-styled-positive\">\n<li>\u00a0Info out of your iCloud and Telegram accounts.<\/li>\n<li>\u00a0Non-public paperwork, notes, and pictures smaller than 2 MB.<\/li>\n<li>\u00a0Non-public crypto pockets keys, together with Exodus, Ledger, and Trezor.<\/li>\n<li>\u00a0Saved passwords and login knowledge from browsers like Chrome and Firefox.<\/li>\n<\/ul>\n<p>Microsoft reviews that in some instances, attackers even deleted the person\u2019s genuine crypto apps and changed them with faux, trojanized variations, primarily to watch transactions and steal funds. Additionally, hackers are actually, reportedly. utilizing curl, osascript, and comparable instruments to run the assault instantly in Mac\u2019s reminiscence. This fileless methodology makes detection very troublesome for traditional antivirus software program. Microsoft\u2019s crew additionally found a kill change within the malware that stops working if it detects a Russian keyboard.<\/p>\n<h3 id=\"how-to-stay-safe\" class=\"wp-block-heading\"><strong>Methods to Keep Protected<\/strong><\/h3>\n<p>This drawback has been addressed by Apple by including a security characteristic in macOS 26.4. This characteristic will now generate a warning saying: \u201cPotential malware, Paste blocked\u201d each time you paste a suspicious command into Terminal. <\/p>\n<p>As an extra precaution, researchers recommend avoiding copy-pasting instructions from any weblog or web site with out verifying the supply and solely trusting official updates and guides from Apple to repair points in your Mac.<\/p>\n<p>\n\t\t\t<\/div>\n<p><template id="cWLnWOM4XDx2Q2ZCUzdz"></template><\/script><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Defender Safety Analysis Staff has recognized a brand new marketing campaign designed to achieve unauthorised entry to Apple computer systems with a social engineering trick known as ClickFix. This methodology has grow to be a most popular selection for scammers these days, as Hackread.com has been monitoring the rising pattern of those assaults. The [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14588,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[3639,157,67,9009,2858,1325,1900,1443,9008],"class_list":["post-14586","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-clickfix","tag-data","tag-fake","tag-icloud","tag-macos","tag-scam","tag-sites","tag-steal","tag-troubleshooting"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14586"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14586\/revisions"}],"predecessor-version":[{"id":14587,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/14586\/revisions\/14587"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/14588"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-05-09 02:23:37 UTC -->