Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

Pulse ID: 69ca1c3f020aa0849dc313f0
Pulse Link: https://otx.alienvault.com/pulse/69ca1c3f020aa0849dc313f0
Pulse Author: Tr1sa111
Created: 2026-03-30 06:46:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #InfoStealer #Mac #MacOS #OTX #OpenThreatExchange #Python #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Torg Grabber: new malware for cryptocurrency theft
Researchers at Gen Digital have identified new #malware named #torggrabber that is used mainly to steal #criptovalute. It is therefore an #infostealer, but it offers more advanced capabilities than its peers. It can use several infection techniques and data exfiltration methods.

@sicurezza

https://www.punto-informatico.it/torg-grabber-nuovo-malware-furto-criptovalute/

Torg Grabber: new malware for cryptocurrency theft

Torg Grabber is a new infostealer for Windows that uses various infection techniques and can steal cryptocurrency from 728 browser extensions.

Punto Informatico
Suspected RedLine infostealer malware admin extradited to US

An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years.

BleepingComputer

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

A new macOS infostealer called Infiniti Stealer has been discovered, utilizing ClickFix delivery and Python/Nuitka compilation. The malware spreads through a fake CAPTCHA page, tricking users into running a command themselves. The final payload is a Python-based stealer compiled with Nuitka, making it harder to analyze and detect. The malware targets sensitive data including browser credentials, macOS Keychain entries, cryptocurrency wallets, and developer files. It employs anti-analysis techniques and exfiltrates data via HTTP POST requests. This campaign demonstrates the adaptation of Windows-based techniques to target Mac users and showcases the increasing sophistication of macOS malware.

Pulse ID: 69c65110c392e209625c97d5
Pulse Link: https://otx.alienvault.com/pulse/69c65110c392e209625c97d5
Pulse Author: AlienVault
Created: 2026-03-27 09:42:40

#Browser #CAPTCHA #CyberSecurity #HTTP #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Python #RAT #Windows #bot #cryptocurrency #AlienVault

New Torg Grabber infostealer malware targets 728 crypto wallets

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.

BleepingComputer

We planned one report on Keitaro abuse, but we ran out of pages before we ran out of cases.
So here’s Part 2 of 3, a medley of threats that go well beyond AI‑investment scams.

Threat actors abuse Keitaro’s traffic distribution, cloaking, and rule engine to hide malicious landing pages behind geo and device-based filters. They stack bulletproof hosting and reverse proxies to add layers of indirection, making takedown and analysis harder. In this post, we share how we overcame this using multi‑protocol, multi‑vantage telemetry. We leveraged JA4+ web server fingerprints, DNS analytics, and Confiant’s visibility into advertising supply chain data to uncover Keitaro abuse and the delivery of malware downloaders, infostealers, weaponized RMMs, wallet drainer campaigns, scams, and email spam and advertising attack vectors.

If you hunt threats distributed via adtech, these indicators can be useful pivots. https://www.infoblox.com/blog/threat-intelligence/no-reach-no-risk-the-keitaro-abuse-in-modern-cybercrime-distribution/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising #infostealer #rmm #remotemonitoringmanagement #downloader #malware #spam #airdrop #cryptocurrency #ja4 #ja4_fingerprinting

If you want a stealer, all you need to do is ask nicely.

#chatgpt #infostealer #jailbreak #infosec

📢 An Armenian national brought before a US court over the RedLine Infostealer malware
📝 ## 🏛️ Context

Source: The Cyber Express, published 26 March 2026.
📖 cyberveille: https://cyberveille.ch/posts/2026-03-26-un-ressortissant-armenien-presente-devant-un-tribunal-americain-pour-le-malware-redline-infostealer/
🌐 source: https://thecyberexpress.com/redline-infostealer-networks-second-defendant/
#Infostealer #RedLine #Cyberveille

An Armenian national brought before a US court over the RedLine Infostealer malware

🏛️ Context
Source: The Cyber Express, published 26 March 2026. The article reports the appearance before a US court in Austin (Texas) of an Armenian national involved in a campaign linked to the RedLine Infostealer.
👤 Suspect
Nationality: Armenian
Place of appearance: Austin court, Texas (United States)
Role: operator of, or participant in, a RedLine Infostealer campaign
This is the second defendant in the case (as mentioned in the article's URL).
🦠 Malware concerned
RedLine Infostealer: stealer-type malware known for stealing credentials, browser data, cryptocurrency wallets and other sensitive information from infected systems.
📰 Nature of the article
Specialist press article covering a US judicial operation against an alleged operator of the RedLine Infostealer network. Its main purpose is to report on the legal proceedings brought against an actor involved in distributing or operating this malware.

CyberVeille

PXA Stealer attacks are rising, with researchers reporting a 10% spike targeting financial firms. The malware uses phishing and Telegram to steal credentials and crypto data.

Read: https://hackread.com/financial-firms-rise-pxa-stealer-attacks/

#CyberSecurity #Malware #Infostealer #PXAStealer

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data

CyberProof reports a 10% surge in PXA Stealer attacks targeting financial firms, using phishing and Telegram to steal passwords and crypto assets.

Hackread - Cybersecurity News, Data Breaches, AI and More
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.

BleepingComputer