Infinit Stealer Exploits Spotlight To Infect Macs

On March 30, Malwarebytes and Mashable reported a new macOS malware, Infinit Stealer, that uses a ClickFix social‑engineering scheme to trick users into running Terminal commands. The attack prompts victims to perform a Spotlight search and paste a provided code, delivering the payload while bypassing traditional defenses. Users are advised to stop using infected machines, change passwords from separate devices, and revoke access.
Key Points
- 1Employs ClickFix social engineering to trick macOS users into executing Terminal commands
- 2Bypasses traditional defenses because users run commands directly, avoiding attachments or exploits
- 3Advise practitioners to isolate infected Macs, revoke access, and change passwords securely
Scoring Rationale
Fresh, credible report (Malwarebytes/Mashable) about a notable ClickFix macOS stealer. High marks for credibility, relevance, and direct remediation steps; moderated by limited novelty and sector-limited scope.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

