BadByte researchers told Cyber Security News that the malware employs a deceptive technique known as “ClickFix” or “ClearFix” that displays fake Google reCAPTCHA verification prompts only to macOS users. “This is one of the most sophisticated social engineering campaigns targeting Apple users we’ve seen in 2025,” said the cybersecurity expert who discovered the attack. This campaign is particularly dangerous because it uses “EtherHiding,” a technique that stores malicious code on the Binance Smart Chain blockchain to evade detection and resist takedown attempts. By mimicking trusted web elements and automatically copying obfuscated commands to the user’s clipboard, ClickFix bypasses many conventional browser security features and exploits the natural trust users place in routine online interactions. The campaign, dubbed “MacReaper,” was initially discovered on a compromised Brazilian news site before investigators expanded their search to reveal the true scale of the attack. ClickFix is a tactic that leverages convincing fake interfaces, such as a reCAPTCHA prompt, to trick users into executing malicious commands in their macOS Terminal. When victims click “I’m not a robot,” the malware silently copies malicious code to their clipboard and instructs them to open Terminal and paste the command. The discovery highlights the growing sophistication of attacks targeting macOS users, challenging the long-held perception that Apple computers are inherently more secure than other platforms.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 14:15:04 +0000