{"id":11654,"date":"2026-03-27T10:03:48","date_gmt":"2026-03-27T10:03:48","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/03\/27\/fake-cloudflare-captcha-pages-spread-infiniti-stealer-malware-on-macos-systems\/"},"modified":"2026-03-27T10:03:48","modified_gmt":"2026-03-27T10:03:48","slug":"fake-cloudflare-captcha-pages-spread-infiniti-stealer-malware-on-macos-systems","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/03\/27\/fake-cloudflare-captcha-pages-spread-infiniti-stealer-malware-on-macos-systems\/","title":{"rendered":"Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on macOS Systems"},"content":{"rendered":"<div>\n<p>A new, previously undocumented macOS malware is quietly tricking users through fake Cloudflare human verification pages.<\/p>\n<p>Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users to run dangerous commands directly on their own machines, bypassing the need for any software vulnerability or exploit.<\/p>\n<p>For a long time, many Mac users have believed their systems are naturally resistant to malware. Infiniti Stealer challenges that assumption directly. The malware was originally tracked under the internal name NukeChain during routine threat hunting. 
<\/p>\n<p>Just before its public disclosure, the threat actor\u2019s operator control panel accidentally became visible online, revealing the malware\u2019s true name and confirming that this is a structured, ongoing campaign aimed directly at macOS users.<\/p>\n<p><a 
href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/03\/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka\" id=\"https:\/\/www.malwarebytes.com\/blog\/threat-intel\/2026\/03\/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Malwarebytes analysts identified Infiniti Stealer<\/a> as the first documented macOS campaign to combine ClickFix delivery with a Nuitka-compiled Python stealer. <\/p>\n<p>The attack begins at a malicious domain, update-check[.]com, which hosts a near-perfect replica of a Cloudflare human verification page. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjeL7h9ik_hcEtKrHlyTLzM5WWlpxeQDtAKzl1KDY4ckDJufjwONt3UmZwCtC2hhth2-DoUvYMN6spsaBQcXzNIkl0rR0Tcl93McivgxFSsFpBfMK-uMaFgTaibrN15LjChjOtWEaQaKww1j1xi8rXqES-3KSPZ0OK5sFtRfPotiALJwzO3IJKziqYKhoc\/s16000\/Fake%2520Cloudflare%2520CAPTCHA%2520Page%2520%28Source%2520-%2520Malwarebytes%29.webp?ssl=1\" alt=\"Fake Cloudflare CAPTCHA Page (Source - Malwarebytes)\"><figcaption class=\"wp-element-caption\">Fake Cloudflare CAPTCHA Page (Source \u2013 Malwarebytes)<\/figcaption><\/figure>\n<\/div>\n<p>Visitors on the fake page are instructed to open Terminal, paste a provided command, and press Return. 
What appears to be a routine identity check immediately triggers the entire infection chain.<\/p>\n<p>What makes this attack especially dangerous is that it does not rely on any software flaw. There is no malicious file to download, no phishing attachment, and no drive-by exploit. 
<\/p>\n<p>The attacker depends entirely on the user trusting the <a href=\"https:\/\/cybersecuritynews.com\/fake-captcha-delivers-eddiestealer\/\" id=\"109164\" target=\"_blank\" rel=\"noreferrer noopener\">fake CAPTCHA<\/a>. Once the command is run, the malware\u2019s payload executes silently in the background, leaving no obvious sign that anything has gone wrong.<\/p>\n<p>The damage potential of Infiniti Stealer is serious and far-reaching. The malware is built to harvest login credentials from Chromium-based browsers and Firefox, collect macOS Keychain entries, drain <a href=\"https:\/\/cybersecuritynews.com\/cryptocore-cryptocurrency-scam-draining-wallets\/\" id=\"74531\" target=\"_blank\" rel=\"noreferrer noopener\">cryptocurrency wallets<\/a>, take screenshots during execution, and pull plaintext secrets from developer environment files such as\u00a0<code>.env<\/code>. <\/p>\n<p>All collected data is sent to a remote server via HTTP POST requests, and the operator receives an immediate Telegram notification once the upload is complete.<\/p>\n<h2 class=\"wp-block-heading\" id=\"three-stage-infection-chain\"><strong>Three-Stage Infection Chain<\/strong><\/h2>\n<p>Once the victim runs the Terminal command, Infiniti Stealer works through three separate stages to complete the compromise. The first is a Bash dropper script that uses a template also found in earlier <a href=\"https:\/\/cybersecuritynews.com\/atomic-macos-info-stealer-upgraded\/\" id=\"114731\" target=\"_blank\" rel=\"noreferrer noopener\">macOS stealers<\/a> like MacSync, suggesting the use of a shared malware builder. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj7rvFz7En_9ElTiUfOVp2BNAFgXF_ivDe4I-phRA-GmswOWqv03R1-svgxqiMdDnvOWgMdl0qUo27jICr8ll6Eu9G_uxF0E2qkO62eYKobRZ2gBAFeax8NIloCPRsgobWALxmTaj_1O0V01NzXmK55A1BY-WTXs2c6Nr79wMG8Id9LfnV9rsdNzgKZbvg\/s16000\/Stage%25201%2520Bash%2520Dropper%2520Script%2520%28Source%2520-%2520Malwarebytes%29.webp?ssl=1\" alt=\"Stage 1 Bash Dropper Script (Source - Malwarebytes)\"><figcaption class=\"wp-element-caption\">Stage 1 Bash Dropper Script (Source \u2013 Malwarebytes)<\/figcaption><\/figure>\n<\/div>\n<p>The script decodes an embedded payload, writes the next stage binary to the\u00a0<code>\/tmp<\/code>\u00a0folder, strips the macOS quarantine attribute, and runs the file silently using\u00a0<code>nohup<\/code>. 
<\/p>\n<p>It then deletes itself and closes Terminal via AppleScript, ensuring the victim sees nothing unusual.<\/p>\n<p>The second stage delivers an Apple Silicon Mach-O binary of around 8.6 MB, built using Nuitka\u2019s onefile mode. 
<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh07PAgqy3ETzLFrGnVT_m9t4deED_t2FoXopzo-JmxltGCgiu6UoagnZYzsEEQE56gMEwNO0w06PWsGVFhHM9dGexF7RJau9sYZGnwkzUZTuovKJ-YWP2GDTW0tJw00D3BkBPjZICjrjIMmxV8Ctfr-WPwG6LXqRSeopQVLkQB3_eEIToxqtWi2cXiN4o\/s16000\/Stage%25202%2520Nuitka%2520Loader%2520Binary%2520%28Source%2520-%2520Malwarebytes%29.webp?ssl=1\" alt=\"Stage 2 Nuitka Loader Binary (Source - Malwarebytes)\"><figcaption class=\"wp-element-caption\">Stage 2 Nuitka Loader Binary (Source \u2013 Malwarebytes)<\/figcaption><\/figure>\n<\/div>\n<p>Unlike PyInstaller, Nuitka compiles Python source code into C and produces a native binary, making static analysis significantly harder for <a href=\"https:\/\/cybersecuritynews.com\/best-cloud-security-tools\/\" id=\"11635\" target=\"_blank\" rel=\"noreferrer noopener\">security tools<\/a>. At runtime, this loader decompresses around 35 MB of embedded data and hands off execution to the final payload.<\/p>\n<p>The third stage,\u00a0<code>UpdateHelper[.]bin<\/code>, is a Python 3.11 stealer also compiled with Nuitka. <\/p>\n<p>Before stealing any data, it checks whether it is running inside known analysis environments including any.run, Joe Sandbox, Hybrid Analysis, VMware, or VirtualBox. 
<\/p>\n<p>It also adds a randomized execution delay to avoid triggering automated detection systems.<\/p>\n<p>If you suspect you may have been affected, take these steps immediately:<\/p>\n<ul class=\"wp-block-list\">\n<li>Stop using the device for sensitive activity including banking, email, and work accounts<\/li>\n<li>Change passwords from a clean device, starting with email, Apple ID, and banking credentials<\/li>\n<li>Revoke active sessions and invalidate any API tokens or SSH keys<\/li>\n<li>Look for any unusual 
files placed in\u00a0<code>\/tmp<\/code>\u00a0and\u00a0<code>~\/Library\/LaunchAgents\/<\/code>\n<\/li>\n<li>Run a full security scan to detect and remove any remaining malware<\/li>\n<\/ul>\n<p>No legitimate CAPTCHA page will ever ask you to open Terminal and run a command. If a website instructs you to do this, close it immediately.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/fake-cloudflare-captcha-pages-spread-infiniti-stealer\/\">Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on macOS Systems<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Tushar Subhra Dutta<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new, previously undocumented macOS malware is quietly tricking users through fake Cloudflare human verification pages. 
Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users to run dangerous commands directly on their own machines, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-11654","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11654"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11654"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11654\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}