New malware steals data from Mac users. Here’s how to recognize it.

Mac users should be wary of a new malware threat.

According to a new report from Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users that uses social engineering tactics and, once the payload is delivered to the device, is very difficult to detect.

Infiniti Stealer

The hacker’s campaign, according to the report, begins with a social engineering technique known as ClickFix. ClickFix is a tactic that tricks targets into executing malicious code on their own computer.

The targeted user is presented with a website, often via a phishing email or a pop-up on a compromised page, with an urgent update warning that claims to require the user to complete a Cloudflare human verification captcha.

The target is presented with a traditional “I am not a robot” box to check. However, the target is also asked to perform a “manual step”. The page asks the user to go to Spotlight on their Mac and search for the Terminal app. They are then asked to paste a provided code into the terminal and press Return.

This code delivers Infiniti Stealer to the target’s Mac.

“Because the user executes the command directly, many traditional defenses are bypassed,” Malwarebytes explains in its report. “There are no exploits, no malicious attachments and no drive-by downloads.”

According to Malwarebytes, the malware sent to the victim’s Mac is written in Python but compiled with Nuitka, which creates a native macOS binary. This makes Infiniti Stealer much harder to scan and detect than the most common type of malware.

“To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer,” Malwarebytes explains.

Once Infiniti Stealer is installed on a device, it will attempt to steal data from the victim’s Mac and upload that information to the attacker’s own server. Passwords, screenshots, browser data such as cookies, and other sensitive information can be stolen from victims of these types of malware attacks.

Be aware of malware threats

Users should always be careful when following instructions from an unfamiliar website. Even then, users should make sure they are on the legitimate website of a company they recognize and not a phishing website run by a bad actor.

Users should be aware that there is no form of captcha or verification that requires entering a code into the Terminal app.

Additionally, I generally recommend that anyone who is not somewhat familiar with code avoid any process that requires entering code into their Mac’s terminal.

If a user believes they have been infected with malware, Malwarebytes recommends that they stop using the affected computer. They should change their account passwords on a completely separate device and, if possible, revoke access to the infected computer.

Infiniti Stealer appears to be following a new trend of bad actors targeting Apple devices due to the misperception that they are immune to viruses and other types of attacks. Dark Sword, for example, is another new threat targeting iPhones and other iOS devices with a malware attack that doesn’t even require a user to download any type of malicious file.
