MalwareApr 16, 2026
North Korea Uses ClickFix to Target macOS Users' Data
North Korean Sapphire Sleet deploys ClickFix malware via fake job offers and Zoom updates targeting macOS users.
Summary
Sapphire Sleet, a North Korean threat actor, is leveraging ClickFix malware to target macOS users through social engineering campaigns using fake job postings and counterfeit Zoom software updates. The attack chain delivers credential theft and sensitive data exfiltration capabilities. This represents a shift in North Korean tactics to focus on macOS-specific attack vectors.
Indicators of Compromise
- malware — ClickFix
Entities
Sapphire Sleet (threat_actor)macOS (product)Zoom (product)