North Korea Uses ClickFix to Target macOS Users' Data

📅 16 April 2026 at 19:42 UTC📰 Dark ReadingView original source ↗

Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

North Korea is using ClickFix, a malicious tool disguised as a Zoom update, to target macOS users' data by luring them into installing fake job offers. This attack aims to steal credentials and sensitive information from Macs.

⚙️Technical Details

Affected Systems

macOS

Attack Vectors

Fake job offers and phony Zoom updates

💥Impact Assessment

Severity: H

Who Is at Risk

macOS users

🛡️Recommended Actions

1Keep macOS up to date with the latest security patches.

2Be cautious of unsolicited job offers and Zoom updates, and never install software from untrusted sources.

3Use two-factor authentication to protect sensitive data.

📦Affected Products

[object Object]

Read the full article

This is a curated summary. The complete article is available at Dark Reading.

Read on Dark Reading ↗

← Back to feed