MAC users face a new malware threat called Infiniti Stealer, a Mac-focused information stealer that, according to Malwarebytes, uses social engineering and is very difficult to detect once the payload is delivered. The campaign starts with a tactic known as ClickFix, where users are tricked into running malicious code via a phishing email or a compromised page pop-up presenting an urgent update and a Cloudflare human verification captcha.
The page then asks the target to open Spotlight, search for the Terminal app, paste a provided code into Terminal, and press return; this code delivers Infiniti Stealer to the Mac. The process relies on a “manual step” that pressures the user to act, increasing the likelihood of execution. Read more at Mashable for additional detail.