A new ClickFix attack campaign is targeting Mac users through fake Cloudflare-themed CAPTCHA pages that deliver the Infiniti information stealer. The attack leverages the trusted Cloudflare brand to trick users into believing they need to complete a security verification step.
The multi-stage infection chain begins with a deceptive CAPTCHA page designed to mimic legitimate Cloudflare security checks. When users attempt to complete the fake verification, the attack progresses through several technical components including a Bash script and a Nuitka loader.