A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal.

Script Editor is a built-in macOS application for writing and running scripts, primarily AppleScript and JXA, that can execute local scripts and shell commands. It is a trusted application pre-installed on macOS systems.

While this is not the first time it has been abused for malware delivery, the researchers note that, in the context of the ClickFix social engineering technique, it does not require the victim to manually interact with the Terminal and execute commands.