GoPlus: Infiniti Stealer steals Mac crypto assets via "ClickFix" attack.
CoinFeed reported on March 30th that, according to GoPlus Security, a new piece of malware called Infiniti Stealer is targeting Mac users. It uses a forged Cloudflare CAPTCHA page to trick users into manually pasting and executing malicious commands in the terminal. The first-stage script removes macOS quarantine attributes, writes the second-stage payload to /tmp and runs it silently in the background. The final payload is a Python data-stealing program compiled with Nuitka to improve its ability to evade detection. The trojan can steal sensitive files such as Chromium/Firefox browser credentials, macOS Keychain credentials, encrypted wallets, and developer .env files, and has stealth features such as sandbox detection and delayed execution.
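
A defender-side triage heuristic for the first-stage behaviour described above, as an added example that is not from GoPlus or the original report: it scores shell command lines (for example from endpoint process telemetry) on quarantine-attribute removal, writes to /tmp and background execution. The regexes, the two-signal threshold and the sample lines are constructed assumptions, not published indicators.

```python
import re

# Behaviours named in the report, as command-line heuristics. The regexes and
# the two-signal threshold are assumptions of this example, not published IoCs.
SIGNALS = {
    # xattr -c (clear all) or xattr -d com.apple.quarantine, with optional -r
    "quarantine_removal": re.compile(
        r"\bxattr\s+(?:-\w*c\w*\b|-\w*d\w*\s+com\.apple\.quarantine)"),
    # shell redirect or download output flag that lands a file in /tmp
    "tmp_write": re.compile(
        r"(?:>\s*|\s-o\s+|--output[=\s]+)(?:/private)?/tmp/\S+"),
    # detached execution: nohup, or a trailing single '&' (not '&&' or '>&')
    "background_exec": re.compile(r"\bnohup\b|(?<![&>])&\s*(?:disown\b|$)"),
}

def signals_in(cmdline: str) -> set:
    """Return the names of all heuristics that match one command line."""
    return {name for name, rx in SIGNALS.items() if rx.search(cmdline)}

def triage(cmdlines, threshold=2):
    """Return (index, sorted signal names) for lines meeting the threshold."""
    flagged = []
    for i, line in enumerate(cmdlines):
        hits = signals_in(line.strip())
        if len(hits) >= threshold:
            flagged.append((i, sorted(hits)))
    return flagged

# Constructed sample telemetry (not taken from the report or a real incident).
SAMPLE = [
    'printf "%s" "$DATA" > /tmp/stage2; xattr -c /tmp/stage2; '
    'nohup /tmp/stage2 >/dev/null 2>&1 &',
    "xattr -l ~/Downloads/report.pdf",
    "make build > /tmp/build.log",
    "brew services start postgresql && echo done",
    "xattr -dr com.apple.quarantine ~/Downloads/Tool.app",
]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE):
        print(f"line {idx}: {', '.join(hits)}")
```

Single signals are common in normal developer activity, so only the combination is flagged; lowering the threshold to 1 surfaces every quarantine removal for manual review.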