Infinity Stealer is a macOS-targeting infostealer campaign using ClickFix social engineering to trick users into executing a malicious Terminal command, then deploying a Nuitka-compiled Python payload to harvest browser credentials, macOS Keychain data, cryptocurrency wallets, and developer .env secrets. No CVE is assigned; this is a social engineering and behavioral detection challenge with no patchable fix. Organizations with macOS-using developers or finance personnel should deploy behavioral EDR detection rules for Terminal commands initiated from browser processes and enforce prohibitions on copy-paste command execution from browser sessions.