GoPlus has issued a security warning regarding the malicious program Infiniti Stealer, which is targeting the cryptocurrency wallets of Mac users. According to Foresight News, the program employs social engineering tactics known as 'ClickFix,' using fake Cloudflare CAPTCHA pages to trick users into executing malicious commands on their terminals.
Once the commands are executed, the attack chain strips the macOS quarantine attribute from the downloaded files (which would otherwise trigger Gatekeeper's checks) and runs the payload in the background. The final payload is a Python stealer compiled into a native binary with Nuitka, a packaging choice that makes it harder to detect. Infiniti Stealer is capable of accessing browser credentials, the macOS Keychain, cryptocurrency wallets, and developer secrets such as .env files, and includes sandbox detection and delayed execution to frustrate analysis.
GoPlus advises users to adhere to the principles of 'do not click, do not install, do not sign, do not transfer,' to check for persistence artifacts in the /tmp and ~/Library/LaunchAgents/ paths, and to promptly reset any credentials that may have been exposed.
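The LaunchAgents check above is easy to do by hand for a few files, but a small triage script catches the shapes that matter at a glance. The following is an added example written for this note, not code from GoPlus or Foresight News: it parses the property lists in a LaunchAgents directory, flags agents that reference a temporary directory, run a shell command string, or combine RunAtLoad with KeepAlive, and shows how to test whether a file still carries the com.apple.quarantine attribute that a ClickFix chain strips. The two sample plists, their labels, and their paths are constructed for the demonstration.

```python
"""LaunchAgent triage helper (added example; not part of the GoPlus advisory).

Flags LaunchAgent plists whose shape matches common stealer persistence and
reports whether a file still carries the macOS quarantine attribute.
"""
import os
import plistlib
import tempfile
from pathlib import Path

# Directories an installed, legitimate agent should not be launching from.
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/")
SHELLS = ("/bin/sh", "/bin/bash", "/bin/zsh")


def triage_launch_agent(plist_bytes):
    """Return {'label', 'program', 'reasons'} for one LaunchAgent plist.

    An empty 'reasons' list means nothing here looked like persistence abuse;
    it is not a clean bill of health.
    """
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else None)
    reasons = []

    # Look at the program path and every whitespace-separated token of the
    # arguments, so a path hidden inside a `sh -c '...'` string is still seen.
    tokens = [program] if program else []
    for arg in args:
        tokens.extend(arg.split())
    if any(tok.startswith(TEMP_PREFIXES) for tok in tokens):
        reasons.append("references a temporary directory")
    if args and args[0] in SHELLS and "-c" in args[1:]:
        reasons.append("launches a shell command string")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad combined with KeepAlive")
    return {"label": data.get("Label"), "program": program, "reasons": reasons}


def scan_launch_agents(directory):
    """Triage every *.plist in `directory` and return only the flagged ones."""
    flagged = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            result = triage_launch_agent(path.read_bytes())
        except Exception as exc:  # a malformed plist is itself worth a look
            result = {"label": None, "program": None,
                      "reasons": [f"unparseable plist: {exc}"]}
        result["path"] = str(path)
        if result["reasons"]:
            flagged.append(result)
    return flagged


def has_quarantine_attr(path):
    """True if `path` carries com.apple.quarantine (macOS only; False elsewhere)."""
    try:
        os.getxattr(path, "com.apple.quarantine")
        return True
    except (OSError, AttributeError):
        return False


# Constructed sample plists: one benign-looking updater agent and one shaped
# like the persistence a stealer drops. Labels and paths are made up.
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
    "RunAtLoad": True,
})
SUSPICIOUS_PLIST = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/bin/sh", "-c", "/private/tmp/.helper &"],
    "RunAtLoad": True,
    "KeepAlive": True,
})


def demo():
    """Write the samples to a temp dir, scan it, and return the flagged labels."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "com.example.updater.plist").write_bytes(BENIGN_PLIST)
        Path(tmp, "com.example.helper.plist").write_bytes(SUSPICIOUS_PLIST)
        return [hit["label"] for hit in scan_launch_agents(tmp)]


if __name__ == "__main__":
    print("flagged in sample set:", demo())
    real = os.path.expanduser("~/Library/LaunchAgents")
    for hit in scan_launch_agents(real):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

Run it as-is to see the constructed sample flagged, then point `scan_launch_agents` at `~/Library/LaunchAgents` (and, with privileges, `/Library/LaunchAgents` and `/Library/LaunchDaemons`) on the machine under review; anything it flags deserves a look at the referenced binary, and `has_quarantine_attr` on a recently downloaded file that returns False is consistent with the attribute having been stripped.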