Overview
- Malwarebytes detailed a new Mac infostealer called Infiniti Stealer and released indicators of compromise plus clear cleanup steps.
- The lure is a Cloudflare‑style CAPTCHA on update-check[.]com that tells users to open Terminal and paste a command, a social engineering trick known as ClickFix.
- That command pulls a bash script that drops a Nuitka‑compiled loader, which unpacks a Python 3.11 stealer that is tougher for scanners to catch.
- The malware grabs browser passwords, Keychain items, crypto wallets, plain‑text developer secrets, and screenshots, then sends the data to its server and alerts the operator on Telegram.
- It tries to evade analysis with sandbox checks and random delays, and researchers warn this Windows‑born tactic could spread on Macs unless users stop pasting commands from websites.