A newly discovered macOS infostealer, dubbed Infinity Stealer, uses a Nuitka-compiled Python payload to target macOS systems, marking the first such campaign identified by Malwarebytes. The malware spreads through ClickFix, deceiving users with fake Cloudflare CAPTCHA pages that instruct them to execute a command in Terminal, which initiates the infection process [1]. This social engineering tactic has gained traction and was previously used in Windows-based attacks. The Infinity Stealer's emergence signifies a notable development in the threat landscape, as state-aligned threat activity can elevate the stakes from mere criminality to geopolitical implications. The use of Nuitka and ClickFix demonstrates the adaptability of threat actors, highlighting the need for vigilance among macOS users. For practitioners, this campaign underscores the importance of educating users about suspicious CAPTCHA pages and the risks of executing unknown commands in Terminal.
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
⚡ High Priority
Why This Matters
State-aligned threat activity raises the calculus from criminal to geopolitical — implications extend beyond the immediate target.
References
- SecurityAffairs. (2026, March 30). New macOS Infinity Stealer uses Nuitka Python payload and ClickFix. SecurityAffairs. https://securityaffairs.com/190147/security/new-macos-infinity-stealer-uses-nuitka-python-payload-and-clickfix.html
Original Source
SecurityAffairs