Infiniti Stealer, a new malware identified by GoPlus Security, is targeting Mac users' cryptocurrency wallets and sensitive credentials. The malware employs a social engineering tactic known as "ClickFix," where attackers create convincing Cloudflare CAPTCHA pages to deceive users into executing malicious commands in Terminal. This process removes macOS quarantine attributes and installs further payloads in the /tmp directory.
The final payload, a native macOS binary compiled with Nuitka, is designed to evade detection by security tools. Once active, Infiniti Stealer can extract credentials from Chromium and Firefox browsers, macOS Keychain, crypto wallets, and developer key files. It also features sandbox detection and delayed execution to avoid tracking.
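A defender-side check for the behaviour described above, as an added example that is not from GoPlus Security's report or this page's source: it correlates removal of the quarantine attribute from a file under /tmp with later execution of that same file. The log format, the sample events, the use of the macOS `xattr` utility as the removal mechanism, and the five-minute window are all assumptions made for illustration.

```python
import shlex
from datetime import datetime, timedelta

# Constructed events: "<ISO time> <pid> <command line>". Not taken from the report.
SAMPLE_EVENTS = """\
2025-01-01T10:00:00 610 xattr -d com.apple.quarantine /Applications/Editor.app
2025-01-01T10:05:10 702 xattr -c /tmp/helper
2025-01-01T10:05:12 703 /tmp/helper --run
2025-01-01T10:20:00 810 /tmp/build_cache/tool
2025-01-01T11:00:00 900 xattr -rd com.apple.quarantine "/private/tmp/update bin"
2025-01-01T11:30:00 901 "/private/tmp/update bin"
"""

TMP_ROOTS = ("/tmp/", "/private/tmp/")  # /tmp is a symlink to /private/tmp on macOS
WINDOW = timedelta(minutes=5)           # assumed correlation window


def parse(line):
    """Split one constructed log line into (timestamp, pid, argv)."""
    ts, pid, cmd = line.split(" ", 2)
    return datetime.fromisoformat(ts), int(pid), shlex.split(cmd)


def quarantine_targets(argv):
    """Paths whose quarantine attribute an xattr call deletes (-d) or clears (-c)."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "xattr":
        return []
    flags = "".join(a[1:] for a in argv[1:] if a.startswith("-"))
    rest = [a for a in argv[1:] if not a.startswith("-")]
    if "c" in flags:  # -c clears every extended attribute, quarantine included
        return rest
    if "d" in flags and rest and rest[0] == "com.apple.quarantine":
        return rest[1:]
    return []


def detect(log_text, window=WINDOW):
    """Return (path, removed_at, executed_at) for /tmp files de-quarantined then run."""
    removed, hits = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _pid, argv = parse(line)
        for path in quarantine_targets(argv):
            if path.startswith(TMP_ROOTS):
                removed[path] = ts
        exe = argv[0]
        if exe in removed and ts - removed[exe] <= window:
            hits.append((exe, removed[exe], ts))
    return hits
```

Because the malware is described as using delayed execution, a short window can miss the run; pass a larger `window` to `detect` when hunting over historical logs.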
Infiniti Stealer Malware Targets Mac Users' Crypto Wallets
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
