🦠 Ransomware & Malware

Atomic Stealer Slips Past Apple's Terminal Guard Using Script Editor Sleight-of-Hand

A fake Apple popup on your Mac browser isn't just annoying—it's the new face of Atomic Stealer, tricking you into Script Editor instead of Terminal. Apple's security patch? Already outflanked.

Threat Digest Apr 11, 2026 4 min read
Fake Apple disk space recovery popup prompting Script Editor code paste in Atomic Stealer attack

⚡ Key Takeaways

  • Atomic Stealer evades macOS 14.4 Terminal warnings by routing through trusted Script Editor in ClickFix campaigns. 𝕏
  • ClickFix preys on social engineering, not exploits—making it hard for Apple to fully block without crippling usability. 𝕏
  • Admins: Restrict clipboard, monitor Script Editor; users: Ignore fake Apple popups demanding code pastes. 𝕏
Published by

Threat Digest

Threat intelligence. Zero noise.

#Apple security bypass #Atomic Stealer #ClickFix attack #Jamf Threat Labs #macOS malware

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by InfoSecurity Magazine

Related Stories

📬

Stay in the loop

The week's most important stories from Threat Digest, delivered once a week.

No spam. Unsubscribe any time.