
This malware steals data from Mac users. Here’s how to spot it.

Mac users have a new malware threat to be aware of.

According to a new report by Malwarebytes, Infiniti Stealer is a new malware attack targeting Mac users. It relies on social engineering techniques and, once the payload is delivered to the device, it becomes very difficult to detect.

Infiniti Stealer

The hacker’s campaign, according to the report, begins with a social engineering technique known as ClickFix. ClickFix tricks its targets into running malicious code on their own computer.

A targeted user is directed to a website, usually through a phishing email or a pop-up on a compromised page, with an urgent update warning that requires the user to complete what appears to be Cloudflare’s human verification captcha.

The target is presented with a traditional “I’m not a robot” box to check. However, the target is also asked to complete a “manual step.” The page instructs the user to open Spotlight on their Mac and search for the Terminal application. They are then instructed to paste the provided code into Terminal and hit Return.

This code delivers Infiniti Stealer to the target’s Mac.

“Because the user is running the command directly, many traditional defenses are bypassed,” Malwarebytes said in its report. “No exploits, no malicious attachments, and no drive-by downloads.”

According to Malwarebytes, the malware delivered to the victim’s Mac is written in Python but compiled with Nuitka, which produces native macOS binaries. This makes Infiniti Stealer more difficult to analyze and identify than typical malware.

“To our knowledge, this is the first documented macOS campaign that combines the delivery of ClickFix with the Nuitka-compiled Python stealer,” Malwarebytes said.

Once Infiniti Stealer is installed on a device, it will try to steal data from the victim’s Mac and upload that information to the attacker’s own server. Passwords, screenshots, browser data such as cookies, and other sensitive information can be stolen from victims in these types of malware attacks.

Be aware of malware threats

Users should always exercise caution when following instructions from unfamiliar websites. Users should also make sure that they are on the official website of the company they intend to visit and not on a phishing website run by a bad actor.

Users should note that no type of captcha or verification requires code to be entered into the Terminal application.

In addition, I usually recommend that anyone who is not familiar with code avoid any process that requires entering code into their Mac’s Terminal.

If a user believes they may have been infected with malware, Malwarebytes recommends they stop using the affected computer. They should change their account passwords on a completely different device and, if possible, revoke access to the infected computer.

Infiniti Stealer seems to be following a new trend of bad actors targeting Apple devices due to the misconception that they are immune to viruses and other types of attacks. DarkSword, for example, another new threat targeting iPhones and some iOS devices, uses malware attacks that don’t even require the user to download any type of malicious file.
