Registration
 
All news
Top Stories
Editors' Picks
Crypto
Financial News
Currencies
Market Voices
Companies
Regulators
Central Banks
Artem Shendetskii
Artem Shendetskii

Mac owners in crosshairs: Infiniti malware steals crypto wallet data via Terminal

Mac owners in crosshairs: Infiniti malware steals crypto wallet data via Terminal
New ClickFix attack on macOS: Fake Cloudflare CAPTCHAs are spreading the Infiniti stealer

​Researchers from Malwarebytes have discovered a new malicious campaign targeting MacBook and Mac desktop owners. Attackers are employing a ClickFix social engineering method, using fake CAPTCHA pages that mimic the Cloudflare service.

The attack is initiated through the domain update-check[.]com, where users are prompted to pass a "human verification" to access content. Instead of a standard click, the victim is asked to copy and paste a specific command into the system Terminal. This manipulation allows for a complete bypass of built-in macOS security mechanisms, as the malicious code is executed by the user themselves. Running the script silently installs a next-generation infostealer called Infiniti Stealer. This campaign confirms that Apple systems are no longer a "safe haven" for crypto investors.

Technical Features and Hidden Mechanisms of Infiniti

Infiniti Stealer is a sophisticated malware compiled into a native macOS binary, making its detection by antiviruses extremely difficult. The program operates entirely in stealth, triggering no pop-ups or system warnings after the script activation. The stealer’s primary goal is extracting sensitive data from browsers and the system Keychain storage.

It poses a particular danger to cryptocurrency holders, as it is configured to automatically search for crypto wallet files. Additionally, the program scans developer files for API keys and passwords and takes screenshots during operation. To prevent analysis, the malware checks the execution environment for virtual machines and security tools. All stolen data is instantly transmitted to the attackers' remote command server via Telegram.

Rising Threats to Personal Wallets and Theft Statistics

This incident is part of a global trend of increasing attacks on individual cryptocurrency users. Previously, the GhostClaw malware was detected spreading through the npm package manager, successfully attacking approximately 178 developers. According to a Chainalysis report, the total amount of stolen funds in the industry reached a critical mark of $3.4 billion in 2025.

Notably, the share of personal wallet hacks rose from 7.3% in 2022 to a record 44% in 2024. If not for the anomalous scale of the Bybit exchange attack, the share of personal storage compromises in 2025 would have stood at 37%. Hackers are increasingly adapting methods previously characteristic only of Windows to the Apple system architecture. Users are advised to exercise extreme vigilance and never paste third-party code into the system management console.

Risk Analysis and Cybersecurity Trends

The migration of ClickFix-type attacks to the macOS platform marks the end of the "security through obscurity" era for the Apple ecosystem. Analytics show a rapid year-over-year (YoY) growth in attacks on personal wallets, necessitating an immediate transition to Cold Storage hardware methods. The use of native binaries instead of simple scripts increases malware survival rates in the system by 40–60% compared to analogs.

The total damage of $3.4 billion last year emphasizes that developing complex software like Infiniti is a highly profitable business for hacking groups. The practical significance of this news lies in the need to implement strict digital hygiene: refusing to execute any commands from unverified web sources. Given the 44% share of personal wallet compromises, the human factor remains the weakest link in digital asset protection.

Recently we wrote that ​Google experts have discovered a new iPhone hacking tool that is already being used by crypto scammers. Vulnerabilities in Apple smartphones may allow attackers to gain access to crypto wallets and users’ personal data. If even the iPhone can no longer be considered secure, where should digital assets be stored?

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Editor's Picks for You

Shifting priorities: Governments back mining as businesses turn to AI
  • By Eugene Komchuk
  • 1 hour ago
Shifting priorities: Governments back mining as businesses turn to AI
Editors' Picks
Intel's comeback: Apple, Trump and the AI bet
  • By Mikhail Vnuchkov
  • Yesterday
Intel's comeback: Apple, Trump and the AI bet
Editors' Picks
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
  • By Oleg Tkachenko
  • 17.06.2026
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
Editors' Picks
All Editors' Top Picks

Latest Crypto News

Shifting priorities: Governments back mining as businesses turn to AI
  • By Eugene Komchuk
  • 1 hour ago
Shifting priorities: Governments back mining as businesses turn to AI
Editors' Picks
#Crypto #Bitcoin
Court permanently bans Celsius founder Mashinsky from U.S. commodity markets
  • By Pavlo Kot
  • 2 hours ago
Court permanently bans Celsius founder Mashinsky from U.S. commodity markets
Crypto
#Crypto #CFTC #USA
Texas grid approval could boost bitcoin miners' data center expansion
  • By Ashutosh Sureka
  • 12 hours ago
Texas grid approval could boost bitcoin miners' data center expansion
Crypto
#Crypto #USA #Core Scientific
All Crypto News
  • Eugene Komchuk
  • 1 hour ago
Shifting priorities: Governments back mining as businesses turn to AI
  • Mikhail Vnuchkov
  • Yesterday
Intel's comeback: Apple, Trump and the AI bet
  • Oleg Tkachenko
  • 17.06.2026
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
  • Anastasiia Chabaniuk
  • 16.06.2026
Toncoin becomes Gram: Why Durov restored token's original name
  • Kyle Torpey
  • 15.06.2026
Why Tether flipping Ethereum is a pivotal moment for crypto
  • Jose Antonio Gastelum
  • 18 min ago
Christopher Jaszczynski: Bitcoin and ETH trade yields loss as price moves watched
  • Daria Chernytska
  • 18 min ago
Jacob King: Bitcoin slides despite S&P 500 rally and easing U.S.–Iran tensions
  • Yaroslav Dmytrenko
  • 19 min ago
Jeremy Allaire: Amazon adds USDC payments for content owners and AI data use
  • Mikhail Vnuchkov
  • 38 min ago
Paul Johnson: BBC miscalculated rise in welfare spending due to tax credits exclusion
  • Ashutosh Sureka
  • 49 min ago
Yen nears 40-year low as it weakens past 161, Peter Spina notes
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.
Top News
  • Hanna Syniavska
  • 47 min ago
U.S.-Iran talks postponed as truce outlook dims
U.S.-Iran talks postponed as truce outlook dims
  • Olga Shendetskaya
  • 1 hour ago
Oil gains after new U.S.-Iran talks are called off
Oil gains after new U.S.-Iran talks are called off
  • Igor Krasulya
  • 2 hours ago
Goldman Sachs revises gold forecast as Fed stays hawkish
Goldman Sachs revises gold forecast as Fed stays hawkish
  • Eugene Komchuk
  • 3 hours ago
Kalshi prepares for IPO amid revenue growth
Kalshi prepares for IPO amid revenue growth
  • Olga Shendetskaya
  • 18 hours ago
Goldman sees Warsh remarks as new risk for two-year Treasuries
Goldman sees Warsh remarks as new risk for two-year Treasuries
Live News
  • Mykhailo Ihnatenko
  • Now
Solana nears key support as crypto market sentiment deteriorates
  • Mykhailo Ihnatenko
  • Now
Ethereum nears key support as bearish pressure builds
  • Anton Kharitonov
  • Now
Microsoft balances AI investment with investor expectations
  • Anton Kharitonov
  • Now
Apple maintains strong fundamentals despite market pressures
  • Mykhailo Ihnatenko
  • Now
SPCX pulls back for the first time: Can SpaceX optimism sustain rally?
Who We Are
Business Solutions
For Users
TU News
Popular Sections
Disclosures
CONTACT US
Legal
We are in Social Media
© IAFT Ltd., 2010-2026 All rights to the website are owned by IAFT Ltd.,
Registration number - HE 336186
  • Risk disclosure:

    Information on the TradersUnion.com website is for informational purposes only and does not constitute any motive or suggestion to visitors to invest money. Moreover, we hereby warn you that trading on the Forex and CFD markets is always a high risk. According to the statistics, 75-89% of customers lose the funds invested and only 11-25% of traders earn a profit. Trading in futures and options carries substantial risk of loss and is not suitable for every investor.

    That is why you should only invest money that you are prepared — or can afford — to lose at such high risks. Tradersunion.com does not provide any financial services, including investment or financial advisory services. Also, the Traders Union is not a broker and does not get money for trading in the Forex or CFD markets. Our website only provides information on brokers and the markets and helps its users to select the best brokerage company based on detailed information and objective analysis of brokers.

  • Disclaimer:

    Traders Union (TradersUnion.com) shall not be liable for the consequences of trading decisions made by the Client and for the possible loss of his capital resulting from the use of this website and information published on it.

    Forex market, CFD and cryptocurrency trading involves high risks and is not suitable for everyone. Before investing money, you need to adequately assess the level of your expertise and be aware of the risks, particularly in the context of trading with leverage. The information on this website is not intended for distribution or use by any person in any country or jurisdiction, where such distribution or use would be in violation of the local law or regulation. Any payments by Traders Union (TradersUnion.com) to the users of our website shall be legally interpreted solely as an incentive on our part for the activity on the website in the form of a deduction of a part of the advertising income; they shall not be a subject of any claims of our users or our obligations, a subject of disputes, as well as cannot be considered in relation to the services provided to users by brokers, both in fact and in their completeness and volume. The administration of the website shall not be liable for the content of user comments and reviews about the companies and shall not verify whether the authors of the reviews are indeed real clients of a specific company. All reviews, both negative and positive are published on the website without verification of their reliability; only offensive reviews that call for violence or any kind of discrimination and also reviews published from one group of IP addresses are moderated and removed. The authors of the materials shall be fully liable for the accuracy, completeness and impartiality of any information in the articles and reviews, including in the context of their use or mention of any brand names or trademarks. All mentions of the names of companies and their brands in any materials on the website shall be made in the context of communication of socially important information to the people about their activities by independent journalists, who are the authors. All evaluations and indicators on the website express the subjective opinion of the authors of the reviews (articles) and shall not be viewed as accurate statements and be a subject of disputes and claims against Traders Union.

  • Disclosure of advertisers and revenues:

    All the services on the Tradersunion.com website are free for you to use. Our team spends thousands of hours per annum researching brokers and gathering information about them to help investors all over the world to choose reliable companies and to avoid fraudsters.

    Indeed, the curating, sourcing, and organization of this process requires substantial financial investment by Tradersunion.com, which the website earns in the form of advertising payments. There are two types of advertising services on the website — direct advertising or partner (broker) participation programs. However, no services purchased by our partners shall affect the recommendations on our website, or our opinions, or ratings. Our ratings are based on our objective rating criteria and methodology; and the results are always equally and fairly applied to each broker. The work of our content authors and research groups does not involve any interaction with our advertisers and they do not have access to data concerning the amount of advertising purchased. For over 10 years we consider our independence, absolute openness, and objectivity as our main priority. Please follow the links to each of our affiliated broker’s websites. This will help Tradersunion.com to continue to provide our services to you for free.

onepercentfortheplanet.org World Association of News Publishers https://gdpr.eu/ GDPR