VERY IMPORTANT

A sophisticated malware campaign targeting macOS users has been discovered, utilizing typosquatted domains impersonating the Homebrew package manager. The attack, dubbed ClickFix, exploits users' trust in command-line installation processes. Victims are tricked into executing malicious curl commands, leading to the deployment of a credential harvester and the Cuckoo Stealer malware. This infostealer establishes persistence through LaunchAgents, bypasses Gatekeeper, and employs encrypted C2 communication. It systematically exfiltrates sensitive data including browser credentials, cryptocurrency wallets, and system information. The campaign's infrastructure spans multiple domains hosted on shared IP addresses, indicating a coordinated and evolving threat.