A phishing campaign targeting macOS users employs a ClickFix technique to deliver the Odyssey Stealer malware. The attack uses a fake CAPTCHA verification page and runs without dropping a binary on the system. When users follow the instructions, they unknowingly execute a malicious AppleScript that collects sensitive data, including crypto wallet information, browser extensions, cookies, saved keychains, usernames, and passwords. The script creates a ZIP archive of the stolen data and exfiltrates it to a command-and-control server. The attack blends phishing and social engineering to bypass traditional detection methods, which makes it challenging to detect and analyze.
Author: AlienVault
Related Tags:
crypto wallet
T1553.001
applescript
clickfix
T1074.001
T1059.002
T1070.004
T1056.001
macos
Associated Indicators:
tradingviewen.com
45.146.130.131
45.46.130.131


