Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

The infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer.

macOS users are targeted in a fresh ClickFix campaign that uses a Cloudflare-themed verification page to deliver a Python-based information stealer, Malwarebytes reports.

The attack starts with a fake CAPTCHA page that serves a legitimate-looking Cloudflare human verification page asking visitors to paste and execute a command in Terminal.

Referred to as ClickFix, the technique relies on social engineering to trick users into executing malicious commands on their devices and has been widely used in attacks since August 2024, mainly against Windows users.

For more than half a year, however, attacks tailored for macOS have become increasingly convincing, and the variant observed by Malwarebytes is no different.

The fake verification page provides macOS users with specific instructions to open the Terminal and paste and execute a fake verification command that triggers malware ...