Beware of FrigidStealer Malware Targeting Macs Through Fake Browser Updates!

Mac users are not immune to cyberattacks, and the emergence of a new malware, FrigidStealer, serves as a stark reminder. According to cybersecurity researchers at Proofpoint, two hacker groups, TA2726 and TA2727, are deploying fake browser updates to ensnare their victims. The goal: to steal sensitive data directly from macOS systems.

How Does This Scam Work?

The attack unfolds in a rather typical fashion: while browsing a compromised website, the user encounters a fraudulent update alert for their browser, typically Google Chrome or Safari. If the user clicks on the Update button, they actually download a malicious DMG file.

TA2726 acts as the facilitator by redirecting internet users to deceptive websites, while TA2727 directly injects the malware. After downloading and opening the file, the user unwittingly installs FrigidStealer. The process even prompts the victim to bypass macOS’s security features by forcing the application to open, which temporarily disables Gatekeeper, Apple’s built-in security system.

What FrigidStealer Steals

Once installed, FrigidStealer begins to discreetly gather sensitive data. It employs tools like AppleScript and osascript to collect:
Browser cookies (which might contain active sessions)
Cryptocurrency-related files
Notes stored in Apple Notes (except for locked ones, which remain encrypted, but please stop storing your passwords in Notes)

The gathered data is then sent to a remote server controlled by the cybercriminals, allowing them to exploit the stolen information at will.
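As an added example (not from Proofpoint's report and not the malware's code), the script below shows how a defender could flag the chain described above in endpoint telemetry: an osascript process reading browser cookie stores, the Apple Notes database or cryptocurrency wallet files, with the severity raised when its parent was launched from a mounted DMG or ran without a quarantine attribute, i.e. after the force-open Gatekeeper bypass. The telemetry format, the sample events and the specific wallet paths are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample telemetry, NOT real FrigidStealer logs. One event per line:
# ts|event|pid|ppid|image|detail  (detail = argv hint for exec, file path for open)
SAMPLE_EVENTS = """\
1|exec|401|1|/Applications/Safari.app/Contents/MacOS/Safari|
2|exec|512|401|/Volumes/Chrome Update/ChromeUpdate.app/Contents/MacOS/ChromeUpdate|quarantine=absent
3|exec|513|512|/usr/bin/osascript|-e <script>
4|open|513|512|/usr/bin/osascript|/Users/me/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies
5|open|513|512|/usr/bin/osascript|/Users/me/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite
6|open|513|512|/usr/bin/osascript|/Users/me/.electrum/wallets/default_wallet
7|exec|700|1|/usr/bin/osascript|-e <script>
8|open|700|1|/usr/bin/osascript|/Users/me/Documents/notes.txt
"""

# Data the article says FrigidStealer collects: cookies, Apple Notes, crypto files.
# The paths are illustrative examples of such stores, not indicators from the report.
SENSITIVE = re.compile(
    r"Cookies\.binarycookies$|/Google/Chrome/[^/]+/Cookies$|/Firefox/Profiles/[^/]+/cookies\.sqlite$"
    r"|group\.com\.apple\.notes/NoteStore\.sqlite$|/\.electrum/|/Exodus/|/Ledger Live/"
)

def parse(text):
    """Parse the pipe-separated sample format into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, ev, pid, ppid, image, detail = line.split("|", 5)
        events.append({"ts": int(ts), "event": ev, "pid": int(pid),
                       "ppid": int(ppid), "image": image, "detail": detail})
    return events

def detect(events):
    """Return one finding per osascript process that read a sensitive store.
    Severity is 'high' when the parent came from a mounted DMG (/Volumes) or
    ran without a quarantine attribute, matching the fake-update chain."""
    procs = {e["pid"]: e for e in events if e["event"] == "exec"}
    reads = defaultdict(list)
    for e in events:
        if e["event"] == "open" and e["image"].endswith("/osascript") and SENSITIVE.search(e["detail"]):
            reads[e["pid"]].append(e["detail"])
    findings = []
    for pid, paths in reads.items():
        parent = procs.get(procs[pid]["ppid"]) if pid in procs else None
        suspicious_parent = bool(parent) and (parent["image"].startswith("/Volumes/")
                                             or "quarantine=absent" in parent["detail"])
        findings.append({"pid": pid, "parent": parent["image"] if parent else None,
                         "paths": paths, "severity": "high" if suspicious_parent else "medium"})
    return findings

if __name__ == "__main__":
    for f in detect(parse(SAMPLE_EVENTS)):
        print(f["severity"].upper(), "osascript pid", f["pid"], "parent", f["parent"], "read", f["paths"])
```

The benign osascript run (pid 700) that only touches a text file produces no finding, so the rule keys on the combination of the interpreter, the data stores and the launch path rather than on osascript alone.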

Not Just Mac: Windows and Android Are Also Affected

Mac users are not the only targets. On Android, similar attacks can install Marcher, a banking trojan active since 2013. On the Windows side, users can be infected by malware such as Lumma Stealer or DeerStealer, which are designed to steal login credentials and financial data.

How to Avoid Falling for These Traps?

To protect yourself, it’s best to remain vigilant against suspicious update notifications, especially those that pop up during web browsing. The best practice is to never click directly on an alert. Instead, check for updates directly through the application or on its official website. Keeping your antivirus software updated is also a critical defense to detect such threats before it’s too late, particularly if you’re using Windows.
