New macOS ClickFix attack silently mounts DMGs to push infostealer

A new macOS ClickFix campaign uses Terminal commands to silently download, mount, and launch Atomic macOS Stealer (AMOS) from malicious DMG files. Palo Alto Networks Unit 42 discovered the campaign, which starts with a fake CAPTCHA page. The attack steals browser credentials, cryptocurrency wallet data, Keychain data, and user documents.