: Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live session cookies from 14 browsers, 16 cryptocurrency wallets, and more than 200 extensions.

Netskope Threat Labs researcher Jan Michael Alcantara told The Register the team initially observed the campaign last month, and has seen similar instances as recently as last week.

ClickFix is a super popular social engineering tactic used to trick people into executing malicious commands on their own computers, usually by clicking a fake computer problem fix or CAPTCHA prompt.

While the researchers don’t know who the cookie thief is, they note the malware can infect both Windows and macOS machines - Netskope previously warned about the Windows-focused attacks - by using a client-side JavaScript to filter victims by user-agent, ignoring mobile devices and directing desktop users to either a Windows or macOS-specific payload.