Skip to main content Tom's Guide Tom's Guide Search Tom's Guide View Profile Newsletters Phone Insights Phone Best Picks Phone Deals Phone Face-Offs Phone How-Tos Phone Reviews Network Carriers Android Phones Google Phones Motorola Phones OnePlus Phones Samsung Phones Nothing Phone TV Best Picks TV Face-Offs Audio Insights Audio Best Picks Audio Deals Audio Face-Offs Audio How-Tos Audio Reviews Over-Ear Headphones Bluetooth Speakers Smart Speakers TV & Audio Brands Entertainment Streaming Devices Prime Video Paramount Plus PlayStation Handheld Gaming Gaming Peripherals Connections Computing Insights Computing Best Picks Computing Deals Computing Face-Offs Computing How-Tos Computing News Computing Reviews VPN Best Picks VPN Face-Offs VPN How-Tos VPN Reviews Operating Systems Identity Theft Protection Parental Controls Malware & Adware Virtual Reality Augmented Reality Smart Glasses Chromebooks Gaming Laptops Apple Desktops Gaming Desktops Android Tablets Computing Brands AI Insights AI Best Picks AI Face-Offs Google Gemini Apple Intelligence Mattress Best Picks Mattress Deals Mattress Face-Offs Mattress How-Tos Mattress News Mattress Reviews Mattress Care Mattress Toppers Pillows & Bedding Smartwatches Fitness Trackers Smart Rings Apple Watch Home Insights Home Best Picks Home Face-Offs Home How-Tos Home Reviews Home Topics Home Appliances Home Office Home Security Home Brands Popular Brands View Phones Phone Insights Phone Best Picks Phone Deals Phone Face-Offs Phone How-Tos Phone Reviews Network Carriers View Network Carriers Android Phones View Android Phones Google Phones Motorola Phones OnePlus Phones Samsung Phones Nothing Phone TV Best Picks TV Face-Offs Audio Insights View Audio Insights Audio Best Picks Audio Deals Audio Face-Offs Audio How-Tos Audio Reviews Headphones View Headphones Over-Ear Headphones View Speakers Bluetooth Speakers Smart Speakers TV & Audio Brands Entertainment View Entertainment View Streaming Streaming Devices Prime Video Paramount Plus View Gaming PlayStation Handheld Gaming Gaming Peripherals Word Games Connections View Computing Computing Insights Computing Best Picks Computing Deals Computing Face-Offs Computing How-Tos Computing News Computing Reviews VPN Best Picks VPN Face-Offs VPN How-Tos VPN Reviews View Hardware View Software Operating Systems View Security Identity Theft Protection Parental Controls Malware & Adware View VR & AR Virtual Reality Augmented Reality Smart Glasses View Laptops Chromebooks Gaming Laptops View Desktops Apple Desktops Gaming Desktops View Tablets Android Tablets Computing Brands AI Insights AI Best Picks AI Face-Offs AI Engines Google Gemini Apple Intelligence View Wellness Mattresses View Mattresses Mattress Best Picks Mattress Deals Mattress Face-Offs Mattress How-Tos Mattress News Mattress Reviews Mattress Care Mattress Toppers Pillows & Bedding View Fitness Smartwatches Fitness Trackers Smart Rings Apple Watch Home Insights Home Best Picks Home Face-Offs Home How-Tos Home Reviews Home Topics Home Appliances Home Office Home Security View Outdoors Home Brands Popular Brands Pixel 10 Launch LIVE The World in 2035 Wordle Today Galaxy Z Fold 7 Best laptops Best Mattress Recommended reading Malware & Adware Macs under threat from new malware campaign impersonating major ISP — how to stay safe Malware & Adware This Mac malware just got a major upgrade which makes it even harder to delete — how to stay safe Malware & Adware 200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe Online Security Beware: Hackers are using fake credit card emails to steal all your passwords Malware & Adware More than 250 malicious apps are spreading info-stealing malware on Android and iOS — delete these right now Online Security Hackers are using this to spread dangerous malware just in time for summer travel season Online Security Has your computer been hacked? 11 ways to tell and what to do now Online Security Macs under attack from dangerous new info-stealing malware — how to stay safe Amber Bouman 25 August 2025 ClickFix style attacks are now being used to target and infect Macs too When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Tom's Guide) ‘Shamos’ is a new infostealer that's being used to target vulnerable Macs but it's also the latest in a long list of malware taking advantage of ClickFix-style attacks to trick users into downloading malicious software disguised as legitimate programs. Bleeping Computer reports that Shamos is a variant of AMOS (or the Atomic macOS Stealer) and was developed by the COOKIE SPIDER cybercriminal group. It disguises itself as a guide, manual or troubleshooting fix online in order to fool users into downloading it so it can steal sensitive data and credentials from their browsers, as well as Keychain items, Apple Notes and cryptocurrency wallets. CrowdStrike first detected Shamos and according to the cybersecurity firm, hackers have attempted to infect over three hundred of the environments that they monitor using this new malware strain since June. It's spread through malvertising or fake GitHub repositories using ClickFix attacks which prompt targets into executing shell commands in the macOS Terminal. The hackers encourage users to run the commands by getting them to ‘fix’ an error or by installing software. Instead of fixing an issue or problem though, they're actually infecting their own devices with info-stealing malware. You may like Macs under threat from new malware campaign impersonating major ISP — how to stay safe This Mac malware just got a major upgrade which makes it even harder to delete — how to stay safe 200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe CrowdStrike found a few specifically spoofed pages such as mac-safer[.]com or rescue-mac[.]com that claim to provide user assistance with common macOS problems that are often searched for online. The pages contain instructions that direct users in need to copy and paste a command to ‘fix’ the issue; again though, instead of making appropriate changes or repairs to the system, the user is instead downloading a command that decodes a Base64-encoded URL which in turn fetches a malicious Bash script from a remote server. The script then captures the user's password and downloads the Shamos mach-O executable, before executing the malware. Once it’s been installed, it runs commands for data collection so it can take information from the an infected device like cryptocurrency wallet files, Keychain data, Apple Notes data and information stored in their browser. It bundles all of this stolen data, packages it into an archive named out.zip and sends it back to the hackers behind this campaign using curl. ClickFix style attacks have become increasingly popular in malware distribution and have been found in a variety of places from TikTok videos, CAPTCHAS or fixes for fake Google Meet errors. They’re popping up more and more frequently because they’ve been successful in spreading malware, in ransomware attacks and even in state-sponsored attacks launched by more sophisticated hackers. The malware can also ensure persistence via automatic execution on system startup (in cases when it runs with sudo privileges), and it can download additional payloads onto the victim’s home directory as CrowdStrike has observed instances where the threat actors have additionally dropped a spoofed Ledger Live wallet app and a botnet module. Sign up to get the BEST of Tom's Guide direct to your inbox. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. How to stay safe from Mac malware (Image credit: robert coolen/Shutterstock) If you are a macOS user, do not execute commands on your system if you found them online, especially if you don't fully understand what they are, where they come from and what they do. This also applies to GitHub repositories, because this platform is known to host malicious projects designed to infect users who download things without being worried that they may be malicious If you are experiencing issues with macOS, avoid sponsored search results and seek help directly from the Apple Community forums which are moderated by Apple or via the system’s built-in Help menu. Also, with the best Mac antivirus software, you can add an extra layer of security to your computer to protect against malware and other viruses. At the same time, paid antivirus apps often include extra security features to help protect your privacy and security online like a VPN, a password manager or a hardened browser that's more secure to use when conducting financial transactions. Given how successful they've been in the past and how they have victims infect their own devices with malware, ClickFix attacks aren't going anywhere anytime soon. Hopefully Apple and Microsoft come up with a way to mitigate them but until then, it's up to you to be extra careful online and avoid falling for these kinds of attacks. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. More from Tom's Guide Two-factor authentication provides an easy way to secure your accounts — here's how it works and how to enable it AI browsers can’t tell legitimate websites from malicious ones — here’s why that’s putting you at risk Major flaw in top password managers lets hackers steal your login details, 2FA codes, credit card info and more Contract Length Any Contract Length 12 Months Contracts Showing 2 of 2 deals Mac Premium Bundle $39.99View 75% off - 1st year Norton 360 Deluxe See more Computing News Amber Bouman Social Links Navigation Senior Editor Security Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. Macs under threat from new malware campaign impersonating major ISP — how to stay safe This Mac malware just got a major upgrade which makes it even harder to delete — how to stay safe 200,000 passwords, credit card data and more stolen by this dangerous new malware — how to stay safe Beware: Hackers are using fake credit card emails to steal all your passwords More than 250 malicious apps are spreading info-stealing malware on Android and iOS — delete these right now Hackers are using this to spread dangerous malware just in time for summer travel season Latest in Online Security Over 16 million reportedly hit with PayPal data breach — what to do right now Two-factor authentication provides an easy way to secure your accounts — here's how it works and how to enable it AI browsers can’t tell legitimate websites from malicious ones — here’s why that’s putting you at risk Major flaw in top password managers lets hackers steal your login details, 2FA codes, credit card info and more Popular Chrome VPN extension caught secretly spying on users — uninstall it right now Over 2 billion Gmail users at risk following database hack — how to stay safe Latest in News Google Breaks Down the Environmental Cost of an AI Prompt — Is It Really That Tiny? iPhone 17 Pro could finally get long-awaited charging feature — what we know How to watch Newcastle vs Liverpool: live streams, TV details, team news for Premier League 25/26 Forget iPhones — here’s everything else Apple has in the pipeline, from AirPods Pro 3 to iPads 5 movies to watch after 'The 355' iPhone Fold detailed in new report — display, cameras and Touch ID, plus 3-year iPhone reinvention LATEST ARTICLES Norton VPN features explained: AI-powered protection, Dark web monitoring, IP Rotation and more Score! Save $200 with this Early Labor Day RTX 5070 Ti Gaming Laptop Deal Touchdown! This 65-inch TCL TV just got slashed by $600 in time for NFL kickoff Google Breaks Down the Environmental Cost of an AI Prompt — Is It Really That Tiny? I tried Dolby Atmos FlexConnect with TCL's new home speakers — and it makes surround sound stupid simple Tom's Guide is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Terms and conditions Contact Future's experts Privacy policy Cookies policy Accessibility Statement Advertise with us Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...