Researchers have identified three separate ClickFix campaigns delivering a macOS information stealer called MacSync through fake AI tool installers, according to The Hacker News. The attacks do not rely on a software flaw. Instead, they trick users into copying and executing terminal commands, which then fetch and run the malware.
In these campaigns, victims are lured by bogus AI tool installer pages and told to complete installation steps manually. Once executed, the command chain can download MacSync, a macOS information stealer.
The main risk is that the attack bypasses the assumptions many users make about malware infections. There is no exploit, no drive-by download, and often no obvious warning beyond the request to paste a command into Terminal.
The MacSync activity shows a playbook adapted to the strong demand for AI tools, where users may be more willing to install apps from unfamiliar sites and follow unusual setup instructions.
