PANews reported on March 30th that, according to GoPlus Security, a new malware called Infiniti Stealer is targeting Mac users. It tricks users into manually pasting and executing malicious commands in the terminal by forging a Cloudflare CAPTCHA page. The first-stage script removes macOS quarantine attributes, writes the second-stage payload to /tmp and runs it silently in the background, and the final payload is a Python data-stealing program compiled using Nuitka to improve its ability to evade detection. This trojan can steal Chromium/Firefox browser and macOS Keychain credentials, encrypted wallets, and sensitive files such as developer .env files, and possesses stealth features such as sandbox detection and delayed execution. GoPlus advises users to avoid clicking on unknown links and installing unverified software. If you suspect your device has been compromised, you should immediately stop using it and reset critical credentials on a clean device.
GoPlus: Infiniti Stealer steals Mac crypto assets via "ClickFix" attack.
Author: PA一线
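As an added illustration (not part of the original report and not GoPlus code), the sketch below triages zsh history lines for the first-stage behaviours described above: quarantine removal, a path under /tmp, and a background run. The regexes, function names and sample history are constructed assumptions, not indicators published for Infiniti Stealer.

```python
import re

# Behaviours the report attributes to the first-stage script. The regexes are
# assumptions about how each behaviour appears in a shell command line.
BEHAVIOURS = {
    "quarantine_removed": re.compile(
        r"\bxattr\s+-(?:[a-z]*d[a-z]*\s+com\.apple\.quarantine|[a-z]*c[a-z]*\b)"),
    "touches_tmp": re.compile(r"(?<![\w.])/(?:private/)?tmp/[\w.\-]+"),
    "background_run": re.compile(r"\bnohup\b|(?<!&)&\s*$"),
}
# zsh EXTENDED_HISTORY prefix: ": <start>:<elapsed>;<command>"
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")


def behaviours_in(command):
    """Return the names of the behaviours visible in one command line."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(command)}


def triage(history_lines):
    """Return (line_no, severity, behaviours) for commands worth reviewing.

    Quarantine removal is required for a finding, because /tmp paths and
    background jobs on their own are routine developer activity.
    """
    findings = []
    for line_no, raw in enumerate(history_lines, start=1):
        hits = behaviours_in(ZSH_PREFIX.sub("", raw.strip()))
        if "quarantine_removed" not in hits or len(hits) < 2:
            continue
        severity = "high" if len(hits) == 3 else "medium"
        findings.append((line_no, severity, sorted(hits)))
    return findings


# Constructed sample history; paths and names are placeholders.
SAMPLE_HISTORY = [
    ": 1700000001:0;brew install jq",
    ": 1700000002:0;xattr -d com.apple.quarantine ~/Downloads/Tool.app",
    "tar -xf backup.tgz -C /tmp/restore &",
    ": 1700000004:0;xattr -c /tmp/EXAMPLE_STAGE2 && nohup /tmp/EXAMPLE_STAGE2 >/dev/null 2>&1 &",
    ": 1700000005:0;xattr -rd com.apple.quarantine /tmp/unzipped.app",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_HISTORY):
        print(finding)
```

A finding is a prompt to inspect the referenced file and the surrounding session, not proof of compromise; the same checks can be applied to process-execution telemetry instead of shell history.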

