A newly discovered macOS infostealer, dubbed Infiniti Stealer, has been found to exploit users through a fake CAPTCHA page, leveraging social engineering tactics to trick victims into executing a command. This malware, initially tracked as NukeChain, is designed to steal sensitive data from Macs and utilizes a Python-based payload compiled with Nuitka. The use of ClickFix, a technique that relies on user interaction rather than exploiting a specific vulnerability, such as a CVE, allows the malware to bypass traditional security measures. The Infiniti Stealer operator panel, which recently became publicly visible, has shed light on the malware's inner workings1. The implications of this discovery extend beyond the immediate target, as state-aligned threat activity can raise the stakes from criminal to geopolitical. This highlights the need for users to be cautious when interacting with unfamiliar websites and prompts, as a single misstep can lead to significant data compromise, making it essential for practitioners to stay vigilant and adapt their security strategies to counter such threats.