Gate News: On March 30, GoPlus Security disclosed that spyware named Infiniti Stealer is stealing encrypted wallets and sensitive credentials from Mac users through a “ClickFix” social engineering attack. The attackers forge a highly realistic Cloudflare verification code page to trick users into opening the terminal and manually pasting and executing malicious commands. Once the commands run, the script removes macOS quarantine attributes and silently runs subsequent payloads by writing them into the /tmp directory. The final payload is a native macOS binary compiled with Nuitka, which makes it significantly harder for security tools to detect. Once deployed, Infiniti Stealer can steal credentials from Chromium/Firefox browsers, the macOS Keychain, encrypted wallets, and developer key files (such as .env files). It also has sandbox detection and delayed execution capabilities to evade tracking.
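The behaviour chain described above (quarantine attribute removed from a file in /tmp, then that file executed) can be turned into a simple correlation rule over process-execution telemetry. The following is an added example, not code from GoPlus Security or Gate; the event tuple format, the 10-minute window and all function names are assumptions, and the sample events are constructed.

```python
import shlex
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed correlation window; tune for your telemetry
SHELLS = {"sh", "bash", "zsh"}   # interpreters that may be handed a script path

# Constructed process-execution events (timestamp, pid, command line), not real telemetry.
SAMPLE_EVENTS = [
    ("2025-01-01T10:00:02", 502, "xattr -d com.apple.quarantine /tmp/.upd"),
    ("2025-01-01T10:00:03", 503, "chmod +x /tmp/.upd"),
    ("2025-01-01T10:00:45", 504, "/private/tmp/.upd --silent"),
    ("2025-01-01T11:00:00", 610, "xattr -d com.apple.quarantine /Applications/Tool.app"),
    ("2025-01-01T11:00:05", 611, "/Applications/Tool.app/Contents/MacOS/Tool"),
    ("2025-01-01T12:00:00", 700, "xattr -c /tmp/job.sh"),
    ("2025-01-01T12:00:20", 701, "zsh /tmp/job.sh"),
]

def norm(path):
    """On macOS /tmp is a symlink to /private/tmp; treat both spellings as one."""
    return path[len("/private"):] if path.startswith("/private/tmp/") else path

def cleared_temp_paths(argv):
    """Temp-dir paths whose quarantine attribute an xattr invocation removes."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "xattr":
        return []
    flags = {c for a in argv[1:] if a.startswith("-") for c in a[1:]}
    # -d <attr> deletes one attribute, -c clears them all (quarantine included)
    removes = "c" in flags or ("d" in flags and "com.apple.quarantine" in argv)
    return [norm(a) for a in argv[1:] if removes and norm(a).startswith("/tmp/")]

def executed_path(argv):
    """Path being run: the program itself, or the script handed to a shell."""
    if len(argv) > 1 and argv[0].rsplit("/", 1)[-1] in SHELLS:
        return norm(argv[1])
    return norm(argv[0]) if argv else ""

def detect(events):
    """Alert when a temp-dir file runs within WINDOW of losing its quarantine flag."""
    cleared, alerts = {}, []
    for ts, pid, cmd in events:
        when, argv = datetime.fromisoformat(ts), shlex.split(cmd)
        for path in cleared_temp_paths(argv):
            cleared[path] = when
        target = executed_path(argv)
        if target in cleared and when - cleared[target] <= WINDOW:
            alerts.append((pid, target))
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The rule ignores quarantine removal on paths outside the temp directory, so the constructed `/Applications/Tool.app` events produce no alert.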