Infinity Stealer is a newly identified macOS infostealer that tricks users into executing a malicious Terminal command disguised as a Cloudflare CAPTCHA verification. Once run, it harvests browser credentials, macOS Keychain data, cryptocurrency wallets, and developer environment secrets (.env files). Organizations with macOS-using developers or finance personnel holding crypto assets face elevated risk of credential theft and potential supply chain exposure if secret stores are compromised.