A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.
The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification check to trick users into executing malicious code.
Researchers at Malwarebytes say this is the first documented macOS campai...
The Infinity Stealer campaign represents a significant escalation in macOS malware sophistication, blending social engineering with advanced technical evasion. The use of ClickFix—a fake CAPTCHA—exploits user trust in familiar verification processes, while the Nuitka compiler’s native binary output complicates detection and analysis. This dual approach underscores a broader trend: attackers are increasingly combining psychological manipulation with technical obfuscation to bypass defenses. The m...