MacOS Users Targeted by Fake Cloudflare CAPTCHA Malware

A new security threat has been uncovered in the form of fake Cloudflare CAPTCHA pages that aim to trick macOS users into installing an infostealer malware called Infiniti Stealer.

Developers and crypto users are particularly at risk, as the malware can steal sensitive data from Macs, including crypto wallet information. The attack starts with a ClickFix campaign, which is a social engineering tactic that convinces users to run harmful commands themselves.

The fake CAPTCHA page appears legitimate but actually contains a hidden installer script that downloads and runs the malware on the user's computer when executed. This approach bypasses traditional defenses as there is no exploit involved.