Infinity Stealer macOS infostealer activity

Malware Activity
Happening score
H score 21
1 unique source, 1 article

Summary

Infinity Stealer is a macOS infostealer being delivered through a ClickFix lure and is able to steal high-value credentials and secrets. The payload is compiled with Nuitka into a native Mach-O binary, which makes static analysis and detection harder. It can collect browser logins, macOS Keychain entries, cryptocurrency wallets, and .env secrets before exfiltrating them to C2.

Related Happenings

SHub Reaper macOS infostealer variant

Malware Activity
First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...

Storm infostealer server-side decryption activity

Malware Activity
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...

Venom Stealer MaaS continuous credential theft and exfiltration

Malware Activity
First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...

Venom Stealer MaaS infostealer with persistent credential harvesting

Malware Activity
First: 31.03.2026 17:51 Last: 31.03.2026 17:51 Sources 1

About this happening: The **Venom Stealer** infostealer now ships as **malware-as-a-service (MaaS)**, expanding access to a persistent credential-theft tool and raising risk for **Windows** users. It s...

Timeline

  1. 28.03.2026 16:35 · 2 articles

    Malwarebytes documents Infinity Stealer macOS ClickFix campaign

    Initial Disclosure

    Malwarebytes documented a new macOS infostealer campaign that uses ClickFix lures and a fake Cloudflare CAPTCHA on update-check[.]com to trick users into pasting a base64-obfuscated curl command into the macOS Terminal. The chain writes a stage-2 loader to /tmp, removes the quarantine flag, runs it via nohup, and delivers UpdateHelper.bin, the Infinity Stealer payload, which is compiled from Python with Nuitka into a native Mach-O binary. The payload performs anti-analysis checks and steals browser credentials, macOS Keychain entries, cryptocurrency wallets, and .env secrets, then exfiltrates the data by HTTP POST and triggers a Telegram notification.
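
One way to hunt for the execution chain described above in process telemetry, as an added example that is not from Malwarebytes or this page's sources: it correlates quarantine removal on a /tmp file with a later nohup launch of the same file on the same host. The event format, file names, 300-second window, and sample lines are constructed assumptions.

```python
import re
import shlex

# Constructed events (epoch seconds, host, command line); names are illustrative.
SAMPLE_EVENTS = [
    (100, "mac-01", "/bin/zsh -c 'echo BASE64_PLACEHOLDER | base64 -D | bash'"),
    (102, "mac-01", "xattr -d com.apple.quarantine /tmp/stage2"),
    (103, "mac-01", "nohup /tmp/stage2"),
    (200, "mac-02", "xattr -d com.apple.quarantine /Applications/Tool.app"),
    (300, "mac-03", "nohup /usr/local/bin/backup.sh"),
]

# /tmp is a symlink to /private/tmp on macOS, so accept both spellings.
TMP_PATH = re.compile(r"^(/private)?/tmp/\S+$")
DECODE_TO_SHELL = re.compile(r"base64\s+(-d|-D|--decode)\b.*\|\s*(ba|z)?sh\b")

def classify(cmdline):
    """Return (signal, path) for one command line, or (None, None)."""
    if DECODE_TO_SHELL.search(cmdline):
        return "decode_to_shell", None
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in telemetry
        return None, None
    if not argv:
        return None, None
    tool = argv[0].rsplit("/", 1)[-1]
    tmp_args = [a for a in argv[1:] if TMP_PATH.match(a)]
    if tool == "xattr" and "com.apple.quarantine" in argv and tmp_args:
        return "quarantine_removed", tmp_args[0]
    if tool == "nohup" and tmp_args:
        return "nohup_exec", tmp_args[0]
    return None, None

def detect_chain(events, window=300):
    """Alert when a /tmp file loses quarantine and is then run via nohup."""
    unquarantined, decoded, alerts = {}, {}, []
    for ts, host, cmdline in sorted(events):
        signal, path = classify(cmdline)
        if signal == "decode_to_shell":
            decoded[host] = ts
        elif signal == "quarantine_removed":
            unquarantined[(host, path)] = ts
        elif signal == "nohup_exec":
            start = unquarantined.get((host, path))
            if start is not None and ts - start <= window:
                pasted = host in decoded and ts - decoded[host] <= window
                alerts.append({"host": host, "path": path, "pasted_one_liner": pasted})
    return alerts
```

Calling `detect_chain(SAMPLE_EVENTS)` flags only mac-01; the `pasted_one_liner` field records whether a base64-decode-to-shell command was seen on the same host inside the window, which raises confidence that the launch came from a pasted Terminal command.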