{
  "name": "Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka",
  "slug": "infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-pythonnuitka",
  "description": "A new macOS infostealer called Infiniti Stealer has been discovered, utilizing ClickFix delivery and Python/Nuitka compilation. The malware spreads through a fake CAPTCHA page, tricking users into running a command themselves. The final payload is a Python-based stealer compiled with Nuitka, making it harder to analyze and detect. The malware targets sensitive data including browser credentials, macOS Keychain entries, cryptocurrency wallets, and developer files. It employs anti-analysis techniques and exfiltrates data via HTTP POST requests. This campaign demonstrates the adaptation of Windows-based techniques to target Mac users and showcases the increasing sophistication of macOS malware.",
  "published": "2026-03-27T08:42:40+00:00",
  "created_at": "2026-03-27T08:42:40+00:00",
  "modified_at": "2026-03-27T08:59:12+00:00",
  "created_at_opencti": "2026-03-27T08:42:40+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-03-27",
    "clickfix",
    "infiniti stealer",
    "infostealer",
    "macos",
    "nuitka"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://update-check.com/m/7d8df27d95d9"
      },
      {
        "id": "",
        "name": "1e63be724bf651bb17bcf181d11bacfabef6a6360dcdfda945d6389e80f2b958"
      }
    ],
    "malware": [
      {
        "id": "48206dbc-331d-40eb-a28d-3308f195cccf",
        "name": "SHub",
        "slug": "shub"
      },
      {
        "id": "c057a34a-6d00-4fa4-976a-90d6d6ede9bc",
        "name": "MacSync",
        "slug": "macsync"
      },
      {
        "id": "legacy:malware:6f7dbe39d3b48902",
        "name": "Infiniti Stealer",
        "slug": "infiniti-stealer"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2026-20963"
      }
    ]
  },
  "external_refs": [
    "https://securityboulevard.com/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka/",
    "https://otx.alienvault.com/pulse/69c65110c392e209625c97d5"
  ]
}