What is Atomic Stealer on macOS?

Commodity malware grabbing passwords, crypto, Keychain data via ClickFix lures. Now using Script Editor bypass.

How does ClickFix with Script Editor work?

Fake site launches pre-coded Script Editor via applescript://. Downloads, runs stealer binary stealthily—no Terminal.

Is my Mac safe from this stealer campaign?

Not if you click bad links. Update to Tahoe, ignore Script prompts, stick to official Apple guides.

Hackers Weaponize macOS Script Editor for Atomic Stealer Sneak Attack

Your Mac's Script Editor just got drafted into malware duty. Hackers are using fake Apple cleanup guides to unleash Atomic Stealer without you ever touching Terminal.

theAIcatchup Apr 09, 2026 3 min read

Malicious Script Editor window launching Atomic Stealer on macOS

⚡ Key Takeaways

Hackers bypass macOS Tahoe warnings using trusted Script Editor in ClickFix attacks. 𝕏
Atomic Stealer targets crypto wallets, passwords, and Keychain—now with backdoor persistence. 𝕏
Users: Treat all Script Editor popups as malware until proven otherwise. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Atomic Stealer #ClickFix attack #Script Editor exploit #macOS malware

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

ChipSoft Ransomware: When One Vendor's Glitch Cripples Dutch Hospitals

Budget Android Phones Are Shipping Straight from Factories with Firmware Malware

Fake Windows Update Scam Steals French Users' Passwords and Bank Data

Chaos Botnet's Cloud Pivot: SOCKS Proxies Signal Cybercrime's Next Cash Cow

Stay in the loop