Security Bite: ClickFix malware authors already bypassing Apple’s new Terminal paste warning

Published: 1 day ago (April 18, 2026 at 01:51 PM EDT)

1 min read

Source: 9to5Mac

Overview

As you may know, a couple weeks ago on Security Bite I was raving about Apple’s new warning prompt in Terminal that appears when a user pastes potentially malicious commands. The security feature was bundled into the public release of macOS Tahoe 26.4 to further disrupt ClickFix attacks, which are now the leading delivery mechanism for malware on Mac.

However, it now appears malware authors are already deploying workarounds.

Back to Blog

Security news weekly round-up - 17th April 2026

WordPress Plugin Backdoors Someone planted backdoors in dozens of WordPress plug‑ins used in thousands of websiteshttps://techcrunch.com/2026/04/14/someone-pla...

Apple account change alerts abused to send phishing emails

!https://www.bleepstatic.com/content/hl-images/2023/09/11/apple_triangle.jpg Apple account change notifications are being abused to send fake iPhone purchase ph...

30 WordPress Plugins Turned Into Malware After Ownership Change

Overview More than 30 WordPress plugins have been compromised with malicious code that allows unauthorized access to sites running them. The backdoor was plant...

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised s...

Overview

Related posts

Security news weekly round-up - 17th April 2026

Apple account change alerts abused to send phishing emails

30 WordPress Plugins Turned Into Malware After Ownership Change

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched