Home News Cybercriminals Use Fake macOS Updates to Distribute Malware “FrigidStealer”
News

Cybercriminals Use Fake macOS Updates to Distribute Malware “FrigidStealer”

289

Cybercriminals are increasingly using fake macOS update prompts to spread a new malware known as FrigidStealer, according to recent findings by cybersecurity firm Proofpoint. The attack, attributed to two separate threat actors, TA2726 and TA2727, uses a clever technique that tricks macOS users into downloading and installing malware disguised as a software update.

How the Attack Works

The fake update campaign begins when users visit a compromised website that triggers a popup. The popup falsely warns users they need to update their macOS or browsers to continue accessing the site. Instead of a legitimate update, victims end up downloading and executing the FrigidStealer malware installer. This malware, typical of information stealers, steals sensitive data such as browser cookies, passwords, cryptocurrency information, and Apple Notes files.

Stolen data is stored on the victim’s device before being sent to the attacker’s command-and-control (C2) server located at askforupdate[.]org. Proofpoint’s research shows that TA2727 is responsible for distributing the malware, while TA2726 plays a crucial role as a Traffic Distribution System (TDS) operator, redirecting traffic to the malware payloads.

Targeting Multiple Platforms

Although the malware primarily targets macOS, other platforms are also affected. The attackers are using Lumma Stealer and DeerStealer to target Windows users, and the Marcher Banking Trojan to infect Android devices.

The victims of this campaign are mostly based in North America and Europe, according to Proofpoint’s observations. While fake update scams are not new, with previous campaigns like SocGholish (operating since 2018) using similar tactics, FrigidStealer’s emergence highlights the ever-evolving nature of cybercriminal tactics.

Conclusion

Cybercriminals continue to adapt their methods, with fake update prompts being an increasingly popular way to deliver malware. Users must be cautious about unsolicited update requests and ensure they are downloading software updates from trusted sources to avoid falling victim to these kinds of attacks.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...