THE article discusses the emergence of **Infiniti Stealer**, a previously undocumented macOS infostealer that uses **ClickFix** and **Python/Nuitka** to harvest sensitive data. Instead of exploiting vulnerabilities, it employs social engineering by tricking users into executing malicious commands via a fake CAPTCHA page. The malware's delivery method and compilation with Nuitka make it particularly difficult to detect.
The infection process involves multiple stages: a Bash dropper that sets up the environment, followed by a Nuitka-compiled binary that targets various sensitive data, including browser credentials and keychain entries. Recommendations for those potentially impacted include halting sensitive activities, changing passwords, and running malware scans. The article also includes indicators of compromise (IOCs) related to the malware.