Gate News message, on March 30, GoPlus Security disclosed that a spyware malware named Infiniti Stealer is stealing from Mac users’ encrypted wallets and sensitive credentials through a “ClickFix” social engineering attack. The attackers forge a highly realistic Cloudflare verification code page to trick users into opening the terminal and manually pasting to execute malicious commands. After the commands are executed, the script will remove macOS quarantine attributes and silently run subsequent payloads by writing them into the /tmp directory. The final payload is a native macOS binary compiled with Nuitka, significantly increasing the difficulty for security tools to detect it. Once deployed, Infiniti Stealer can steal credentials from Chromium/Firefox browsers, macOS Keychain, encrypted wallets, and developer key files (such as .env files), and it also has sandbox detection and delayed execution capabilities to evade tracking.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Tether Freezes 3.29M USDT in Rhea Finance Hacker Address
Tether CEO Paolo Ardoino announced the freezing of 3.29 million USDT connected to a hacker linked to Rhea Finance's $7.6 million theft due to a fake token contract attack.
GateNews9m ago
Circle Faces Class Action Lawsuit Over $230M Unblocked USDC in Drift Protocol Attack
Circle faces a class action lawsuit for failing to freeze $230 million in stolen USDC after the Drift Protocol attack. Plaintiffs argue that Circle's protocols allowed attackers to move and convert the stolen funds without intervention, raising concerns about the company's responsibilities in monitoring cross-chain transfers.
GateNews10m ago
$7.6 million stolen from Rhea Finance: DeFi fake token attack manipulates the oracle
A DeFi protocol, Rhea Finance, suffered a major security vulnerability on April 16, resulting in losses of approximately $7.6 million. The attacker manipulated the oracle by creating a fraudulent token contract, causing the protocol to incorrectly assess the value of assets. This loss represents about 6% of Rhea Finance’s total value locked, demonstrating the risk of oracle manipulation attacks in the DeFi space. Users should carefully evaluate the risk of their assets.
MarketWhisper13m ago
Grinex hacked: $15 million paused from trading, pointing to an “enemy state”
Grinex, a Kyrgyz crypto exchange, paused trading and withdrawals after a large-scale cyberattack and lost about $15 million in USDT. The stolen funds were quickly converted into TRX and ETH to reduce the risk of being frozen. Grinex is believed to be the successor to the sanctioned exchange Garantex, becoming a major trading platform for ruble-to-crypto transactions. In its attack statement, Grinex pointed the incident to an “enemy state,” but it lacked concrete evidence.
MarketWhisper41m ago
Kyrgyzstan-based CEX Halts Trading After $15M USDT Cyberattack and Wallet Breach
A Kyrgyzstan-based cryptocurrency exchange suspended trading after hackers stole over $15 million USDT. The attackers moved funds across blockchains to evade detection. The incident highlights risks in centralized exchanges, especially in less regulated areas.
GateNews1h ago
Zonda CEO Reveals 4,503 BTC Cold Wallet Inaccessible as Founder Remains Missing Since 2022
Zonda, a Polish cryptocurrency exchange, faces a crisis as its cold wallet containing 4,503 Bitcoin is inaccessible, prompting a surge in withdrawal requests. CEO Kral claims the private key was never transferred during the company's takeover, and authorities are investigating the situation amid bankruptcy fears.
GateNews4h ago
