A previously undocumented macOS infostealer has surfaced during our routine threat hunting. Malwarebytes Labs researchers initially tracked it as NukeChain, but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer.
This malware is designed to steal sensitive data from Macs. It spreads through a fake CAPTCHA page that tricks users into running a command themselves: a technique known as ClickFix. Instead of exploiting a bug, it relies on social engineering. The final payload is written in Python and compiled with Nuitka, producing a native macOS binary. That makes it harder to analyze and detect than typical Python-based malware. To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Retro tech leaves NHS open to cyber-attacks, say researchers
August 20, 2018
Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...
- Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’
August 17, 2018
Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...
- FBI Warns Of ATM Hacking Campaign
August 16, 2018
The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.” The threat, reported by Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of ...
- Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs
August 14, 2018
Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs. All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. These flaws target ...
- Postmortem of a Compromised MikroTik Router
August 14, 2018
Cryptocurrency coinminers are the new ransomware and malicious actors have already pounced on the opportunity to make their fortune. Symantec has been tracking a large-scale coin-mining campaign which, as per Shodan, has currently infected about 157,000 MikroTik routers. Researchers discovered this coin-mining campaign in early August 2018. The campaign was initially concentrated in Brazil; however, it soon began ...
- Victims Lose Access to Thousands of Photos as Instagram Hack Spreads
August 14, 2018
In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address. An Instagram hack is spreading across the internet, with increasing numbers of victims finding their accounts hijacked and personal details altered — and account recovery so far impossible. Read more… Source: ...