Fake AI Tools, Real Theft: How ClickFix Campaigns Deliver MacSync on macOS
- Javier Conejo del Cerro
- 5 hours ago
- 4 min read

The rise of artificial intelligence tools has created a perfect storm for threat actors. In recent months, multiple ClickFix campaigns have weaponized the trust users place in AI platforms, search engines, and developer workflows to distribute a macOS infostealer known as MacSync. Unlike traditional exploit-driven attacks, these campaigns rely entirely on user interaction, tricking victims into executing malicious Terminal commands disguised as legitimate installation steps. By abusing trusted platforms such as Google, ChatGPT, GitHub, and Cloudflare Pages—and mimicking common developer practices like curl | sh—attackers are able to bypass technical defenses and turn human behavior into the primary attack vector.
Phase 1: Deception & Delivery
The infection chain begins with highly convincing social engineering campaigns delivered through malvertising, search engine manipulation, and trusted platforms. Victims searching for AI tools or developer utilities are redirected via sponsored Google results or malicious links to seemingly legitimate pages.
These pages impersonate tools such as OpenAI Atlas, Claude Code, or system optimization utilities, often hosted on platforms like Google Sites, GitHub-themed pages, or even embedded within ChatGPT conversations to reinforce credibility. In parallel campaigns, attackers have leveraged Cloudflare Pages, Squarespace, and Tencent EdgeOne to host similar lures, further blurring the line between legitimate and malicious content.
What makes ClickFix particularly effective is its simplicity: instead of exploiting software vulnerabilities, it convinces the user to become the execution vector. Victims are instructed to open the Terminal application and paste a command under the pretext of installing or fixing software—something especially common in developer environments.
Phase 2: User Execution & Initial Access
Once the victim executes the provided command, the attack chain is triggered. The pasted command typically downloads and runs a shell script, which acts as the initial loader for the infection.
This script connects to a hard-coded remote server to retrieve the next-stage payload—an AppleScript-based infostealer—and may prompt the user for their system password, granting the malware user-level execution privileges. At the same time, it performs cleanup actions to remove visible traces of execution, reducing the likelihood of detection.
The effectiveness of this phase lies in its alignment with legitimate workflows. Commands such as curl | sh are widely used for installing trusted developer tools like Homebrew, Rust, or Node Version Manager. This familiarity allows malicious commands to blend seamlessly into expected behavior, making users less likely to question their execution.
Phase 3: Payload Execution & Data Exfiltration
Once deployed, MacSync operates as a fully functional infostealer designed to harvest sensitive information from compromised macOS systems. The malware leverages AppleScript to execute its payload, increasingly using dynamic and in-memory execution techniques to evade both static analysis and behavioral detection.
The data targeted is extensive and highly valuable. MacSync is capable of exfiltrating:
- System credentials
- Local files and documents
- macOS Keychain databases
- Cryptocurrency wallet seed phrases
To maintain stealth and resilience, newer variants of the malware avoid writing artifacts to disk and instead execute directly in memory. This significantly complicates detection and forensic analysis, particularly in environments that rely heavily on signature-based security tools.
In parallel, the broader ecosystem of ClickFix-style attacks has expanded to include multiple malware families and delivery chains. These include stealers such as Amatera, Atomic, Vidar (improved StealC variants), Impure, VodkaStealer, and SHub, as well as RATs like Remcos, Alien, CastleRAT, and ModeloRAT. Delivery mechanisms range from PowerShell scripts and HTA loaders to Python-based payloads and even DNS TXT record staging.
A notable infrastructure component in these campaigns is the use of traffic distribution systems (TDS) like KongTuke, which dynamically route victims to tailored payloads, often leveraging compromised WordPress sites and fake CAPTCHA challenges. In some cases, over 250 legitimate websites across multiple countries have been weaponized to serve these malicious instructions.
Phase 4: Evasion, Adaptation & Scale
The continuous evolution of these campaigns highlights a clear trend: attackers are rapidly adapting to security controls by shifting toward behavior-based evasion techniques. The latest MacSync variants incorporate:
- Dynamic AppleScript payload generation
- In-memory execution to avoid disk artifacts
- Use of trusted domains and services for staging and delivery
- Exploitation of legitimate developer workflows
At the same time, attackers are increasingly targeting macOS users due to their high-value assets, including SSH keys, cloud credentials, and cryptocurrency wallets. The growing adoption of AI tools among developers further amplifies this risk, as it creates a natural pretext for executing commands provided by seemingly authoritative sources.
Rather than relying on technical vulnerabilities, these campaigns exploit a deeper weakness: trust in familiar platforms and workflows.
Measures to Fend Off These Attacks
- Avoid executing unknown or unverified Terminal commands, especially those copied from web pages or chat interfaces
- Monitor and restrict the use of curl | sh and similar execution patterns in enterprise environments
- Detect abnormal AppleScript activity and in-memory execution behaviors
- Implement behavioral EDR solutions capable of identifying command execution chains and anomalous process behavior
- Inspect traffic to paste services, WebSocket endpoints, and suspicious external servers
- Secure WordPress and web infrastructure by applying updates, enforcing strong credentials, and enabling 2FA
- Monitor for fake CAPTCHA pages, malicious install flows, and unexpected browser redirections
- Educate users, especially developers, on the risks of paste-and-execute attack techniques
- Enforce a zero-trust approach to software installation and external instructions
ClickFix campaigns delivering MacSync represent a shift in modern cyber threats: from exploiting software vulnerabilities to exploiting user behavior at scale. By embedding malicious actions within legitimate workflows and trusted environments, attackers bypass traditional defenses and turn everyday actions into entry points.
The abuse of AI-related tools and platforms is particularly concerning, as it reflects a broader trend where innovation and adoption outpace security awareness. As attackers continue refining these techniques, organizations must move beyond purely technical defenses and address the human layer—where trust, convenience, and habit intersect.
In this evolving threat landscape, the most dangerous command may not be the most complex one—but the one that looks completely normal.
The Hacker News