Mac users have a new malware threat to be on the watch out for.

According to a new report by Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users that utilizes social engineering tactics and, once the payload is delivered to the device, is very difficult to detect.

Infiniti Stealer

The hacker's campaign, according to the report, begins with a social engineering technique known as ClickFix. ClickFix is a tactic that tricks the target themself into executing malicious code on their computer.

The targeted user is presented with a website, often through a phishing email or a pop-up on a compromised page, with an urgent update warning that claims to require the user to complete a Cloudflare human verification captcha.

The target is presented with a traditional "I am not a robot" box to check. However, the target is also asked to complete a "manual step." The page instructs the user to go to Spotlight on their Mac and search for the Terminal app. They are then instructed to paste a provided code into Terminal and hit return.

This code delivers Infiniti Stealer to the target's Mac.

"Because the user runs the command directly, many traditional defenses are bypassed," Malwarebytes says in its report. "There’s no exploit, no malicious attachment, and no drive‑by download."

According to Malwaybytes, the malware that's delivered to the victim's Mac is written in Python but compiled with Nuitka, which creates a native macOS binary. This makes Infiniti Stealer much more difficult to analyze and detect than the more typical type of malware.

"To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer," Malwarebytes says.

Once Infiniti Stealer is installed on a device, it will attempt to steal data from the victim's Mac and upload that information to the attacker's own server. Passwords, screenshots, browser data like cookies, and other sensitive information can be stolen from victims in these types of malware attacks.

Be aware of malware threats

Users should always be careful when following instructions from a website that they are unfamiliar with. Even then, users should be careful they are on a legitimate website of a company they do recognize and not a phishing website run by a bad actor.

Users should be aware that there is no form of captcha or verification that requires code to be entered in the Terminal app.

Furthermore, I typically recommend that anyone who isn't somewhat familiar with code to avoid any process that requires entering code in their Mac's Terminal.

If a user believes they may have been infected with malware, Malwarebytes recommends that they stop using the affected computer. They should change their account passwords on a completely separate device and, if possible, revoke access from the infected computer.

Infiniti Stealer appears to follow a new trend of bad actors targeting Apple devices due to the incorrect perception that they are immune from viruses and other types of attacks. DarkSword, for example, is another new threat targeting iPhones and other iOS devices with a malware attack that doesn't even require a user to download any sort of malicious file.

Johnson / Money Talks News

Here’s a number that should make you both furious and curious: approximately 1 in 7 people in the U.S. have unclaimed cash or property waiting to be claimed, according to the National Association of Unclaimed Property Administrators (NAUPA). That’s not a typo: 1 in 7. And it gets worse. In fiscal year 2024, states returned over $4.49 billion to owners — meaning billions more are still sitting in…

USA TODAY Network / Reuters

Just days before the April 15 tax deadline, the Internal Revenue Service issued final regulations and clarifications for jobs and situations that qualify for the so-called “no tax on tips” deduction. A preliminary list issued in September gave tax filers some earlier guidance on “no tax on tips” occupations. The list is a long one but so, too, is the list of reasons you might qualify — or not…