Mac users have a new malware threat to be on the watch out for.
According to a new report by Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users that utilizes social engineering tactics and, once the payload is delivered to the device, is very difficult to detect.
Infiniti Stealer
The hacker’s campaign, according to the report, begins with a social engineering technique known as ClickFix. ClickFix is a tactic that tricks the target themself into executing malicious code on their computer.
The targeted user is presented with a website, often through a phishing email or a pop-up on a compromised page, with an urgent update warning that claims to require the user to complete a Cloudflare human verification captcha.
The target is presented with a traditional “I am not a robot” box to check. However, the target is also asked to complete a “manual step.” The page instructs the user to go to Spotlight on their Mac and search for the Terminal app. They are then instructed to paste a provided code into Terminal and hit return.
This code delivers Infiniti Stealer to the target’s Mac.
“Because the user runs the command directly, many traditional defenses are bypassed,” Malwarebytes says in its report. “There’s no exploit, no malicious attachment, and no drive‑by download.”
Mashable Light Speed
According to Malwaybytes, the malware that’s delivered to the victim’s Mac is written in Python but compiled with Nuitka, which creates a native macOS binary. This makes Infiniti Stealer much more difficult to analyze and detect than the more typical type of malware.
“To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer,” Malwarebytes says.
Once Infiniti Stealer is installed on a device, it will attempt to steal data from the victim’s Mac and upload that information to the attacker’s own server. Passwords, screenshots, browser data like cookies, and other sensitive information can be stolen from victims in these types of malware attacks.
Be aware of malware threats
Users should always be careful when following instructions from a website that they are unfamiliar with. Even then, users should be careful they are on a legitimate website of a company they do recognize and not a phishing website run by a bad actor.
Users should be aware that there is no form of captcha or verification that requires code to be entered in the Terminal app.
Furthermore, I typically recommend that anyone who isn’t somewhat familiar with code to avoid any process that requires entering code in their Mac’s Terminal.
If a user believes they may have been infected with malware, Malwarebytes recommends that they stop using the affected computer. They should change their account passwords on a completely separate device and, if possible, revoke access from the infected computer.
Infiniti Stealer appears to follow a new trend of bad actors targeting Apple devices due to the incorrect perception that they are immune from viruses and other types of attacks. DarkSword, for example, is another new threat targeting iPhones and other iOS devices with a malware attack that doesn’t even require a user to download any sort of malicious file.
