Rather than relying on typical malware tricks, Infiniti Stealer gets onto Macs through social engineering instead of system flaws. The security firm Malwarebytes uncovered the operation and highlighted how it dodges standard protection tools: once inside, the software runs with little to draw attention. What stands out is that it depends on tricking users, not on breaking through technical defenses.
The attack begins with a technique called ClickFix, which tricks people into running malicious software themselves. Victims reach a fake website, usually through a deceptive email or a malicious link, that closely imitates the browser security check used by Cloudflare. The page first shows a familiar “I am not a robot” checkbox, then presents misleading instructions disguised as ordinary verification steps. Each step looks harmless on its own, but together they nudge the victim toward actions they did not intend.
The instructions direct the user to open Spotlight, find Terminal, and paste a supplied command into it. What seems like a small task hides its real intent: because the command is executed by a person rather than by an exploit, security tools often stand down. Actions initiated by the user rarely trigger alerts, even when they carry risk, so the command slips past defenses hidden behind what looks like normal behavior.
Running that command installs Infiniti Stealer on the system. Although the stealer is written in Python, it is compiled into a standalone macOS executable with Nuitka. This conversion weakens detection by security software and makes analysis harder than it would be for an ordinary interpreted script; the gain in stealth comes simply from changing how the code runs.
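One defensive way to spot the chain described above (a visit to a Cloudflare-lookalike verification page followed shortly by a shell spawned from Terminal) is to correlate the two events in endpoint telemetry. This is an added example, not code from the article or from Malwarebytes; the log format, field names and time window are assumptions, and the log lines are constructed.

```python
# Added example: correlate a Cloudflare-lookalike "verification" page visit with a
# Terminal-spawned shell shortly afterwards, the ClickFix delivery chain described above.
# The "timestamp|event|detail" format and 10-minute window are assumptions, not a real EDR schema.
from datetime import datetime, timedelta
from urllib.parse import urlparse

WINDOW = timedelta(minutes=10)

# Constructed sample telemetry for illustration only.
SAMPLE_LOG = """\
2024-05-01T10:00:00|browser_nav|https://cloudflare-verify.example/check
2024-05-01T10:01:30|process_exec|parent=Spotlight child=Terminal
2024-05-01T10:02:05|process_exec|parent=Terminal child=bash
2024-05-01T12:30:00|browser_nav|https://www.cloudflare.com/
2024-05-01T12:31:00|process_exec|parent=Finder child=Terminal
"""


def is_lookalike(url: str) -> bool:
    """True if the host name borrows the Cloudflare brand but is not a cloudflare.com host."""
    host = (urlparse(url).hostname or "").lower()
    return "cloudflare" in host and not (host == "cloudflare.com" or host.endswith(".cloudflare.com"))


def parse(log: str):
    """Yield (timestamp, event, detail) tuples from the constructed log format."""
    for line in log.splitlines():
        ts, event, detail = line.split("|", 2)
        yield datetime.fromisoformat(ts), event, detail


def find_clickfix_chains(log: str) -> list:
    """Return (lookalike_url, shell_exec_time) pairs where a shell was spawned by
    Terminal within WINDOW after a visit to a lookalike verification page."""
    hits = []
    recent_lookalikes = []  # (time, url) of suspicious page visits seen so far
    for ts, event, detail in parse(log):
        if event == "browser_nav" and is_lookalike(detail):
            recent_lookalikes.append((ts, detail))
        elif event == "process_exec" and detail.startswith("parent=Terminal "):
            for t0, url in recent_lookalikes:
                if timedelta(0) <= ts - t0 <= WINDOW:
                    hits.append((url, ts.isoformat()))
    return hits


if __name__ == "__main__":
    for url, when in find_clickfix_chains(SAMPLE_LOG):
        print(f"possible ClickFix chain: {url} -> Terminal shell at {when}")
```

The heuristic flags only the sequence, not the pasted command itself, so it should feed a triage queue rather than block on its own.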
Once installed, the stealer begins harvesting private data from the compromised device, including stored login credentials, browser history and cookies, and screenshots. The data is sent to remote servers controlled by the attackers, opening the door to hijacked accounts and stolen identities; what leaves the machine often fuels further abuse downstream.
What stands out is how this campaign signals a shift in the way attackers operate.
Rather than exploiting technical flaws or relying on malicious attachments, they now lean heavily on manipulating people's actions, in particular by abusing users' trust in everyday website features such as CAPTCHA challenges.
When in doubt, do not follow instructions from unknown online sources, particularly any that involve running Terminal commands. A legitimate verification process never asks the user to paste scripts into a core system utility.
If signs of infection appear, stop using the device immediately. Security professionals recommend changing credentials right away from a separate, unaffected system and promptly invalidating any access tokens tied to the infected machine; performing these updates on a different device prevents further exposure.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents