Infiniti Stealer is a new piece of Mac malware that tricks people into clicking on fake Cloudflare human verification pages. It uses ClickFix, a well-known social engineering trick, to get Mac users to run dangerous commands on their own computers.

The malware is built to steal login information from Chromium-based browsers and Firefox, collect macOS Keychain entries, empty cryptocurrency wallets, and read plaintext secrets from developer environment files such as .env. The attacker is counting on the user to trust the fake CAPTCHA. When the command is run, the malware's payload runs silently in the background, so there is no clear sign that anything has gone wrong.

The attack starts at update-check[.]com, a malicious domain that hosts an almost exact copy of a Cloudflare human verification page.

It then goes through three steps to finish the compromise, which suggests the use of a shared malware builder.

If you think you might have been affected, do these things right away: Stop using the device for sensitive things like banking, email, and work accounts. Start by changing the passwords for your email, Apple ID, and bank accounts on a clean device. Cancel any active sessions and revoke any API tokens or SSH keys. Check the /tmp and ~/Library/LaunchAgents/ folders for any strange files. Run a full security scan to find and remove any malware that is still there.

A real CAPTCHA page will never ask you to open Terminal and type in a command. Close the website right away if it tells you to do this.
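The folder check from the steps above, as an added read-only triage script that is not part of the original article: it lists recently changed files in /tmp and ~/Library/LaunchAgents/ and flags LaunchAgents whose contents point into a temp directory. The 7-day window, the function names and the temp-path heuristic are assumptions; the article names only the two folders.

```sh
#!/bin/sh
# Added example, not from the article. Read-only: lists files, deletes nothing.
# Assumption: "strange" is approximated as "changed recently" or "a LaunchAgent
# that points into a temp directory"; the article names only the folders.

# Print regular files under directory $1 modified within the last $2 days.
# -H follows a symlinked start directory (/tmp is a symlink on macOS).
recent_files() {
  [ -d "$1" ] || return 0
  find -H "$1" -type f -mtime "-$2" -print 2>/dev/null | sort
}

# Print a plist as text. plutil (macOS) also decodes binary plists;
# elsewhere, or if the file does not parse, fall back to the raw bytes.
plist_text() {
  if command -v plutil >/dev/null 2>&1 && plutil -lint "$1" >/dev/null 2>&1; then
    plutil -convert xml1 -o - "$1"
  else
    cat "$1"
  fi
}

# Print each *.plist in directory $1 whose contents reference a temp path.
agents_pointing_to_tmp() {
  [ -d "$1" ] || return 0
  for plist in "$1"/*.plist; do
    [ -f "$plist" ] || continue
    if plist_text "$plist" | grep -Eq '/tmp/|/var/folders/'; then
      printf '%s\n' "$plist"
    fi
  done
}

# triage [tmp_dir] [agents_dir] [days]
triage() {
  t_dir=${1:-/tmp}
  a_dir=${2:-${HOME:-}/Library/LaunchAgents}
  days=${3:-7}
  echo "== Files in $t_dir modified in the last $days days =="
  recent_files "$t_dir" "$days"
  echo "== LaunchAgents in $a_dir modified in the last $days days =="
  recent_files "$a_dir" "$days"
  echo "== LaunchAgents referencing a temp directory =="
  agents_pointing_to_tmp "$a_dir"
}

triage "$@"
```

Anything it prints is a candidate for review, not a verdict: legitimate software also writes to /tmp and installs LaunchAgents.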
