'macOS is becoming a more attractive target, and the tools attackers use are becoming more capable and more professional': Experts warn 'convincing' fake CleanMyMac installs target Apple users to empty crypto wallets


Summary

A sophisticated crypto theft campaign has emerged, combining a fake website, the ClickFix technique, and an infostealer. The scheme highlights the growing risks facing cryptocurrency users on macOS, who should remain vigilant against such deceptive tactics.


Key Insights

What is an infostealer in the context of this macOS malware campaign?
An infostealer is malware designed to quietly extract sensitive data such as cryptocurrency wallet details, passwords, browser credentials, and recovery phrases from infected devices without the user noticing.
Sources: [1]
How do fake CleanMyMac installs steal cryptocurrency on macOS?
The fake CleanMyMac app is distributed as cracked software and prompts users to install it in /Applications; once run, it downloads malicious payloads from sites such as apple-analyser[.]com and replaces legitimate crypto wallets such as Exodus and Bitcoin-Qt with trojanized versions that capture seed phrases and unlock passwords when the user opens them.
Sources: [1]