FrigidStealer malware infects Mac devices via bogus updates

March 18, 2025

Two cybercriminal groups are currently targeting Mac users with a new infostealer dubbed FrigidStealer.

Reports revealed that two cybercrime gangs, TA2726 and TA2727, are running campaigns to spread this new macOS infostealer. Although the campaign is classified as a Mac-focused operation, it also delivers Windows and Android payloads to cover a broad spectrum of targets.

In this campaign TA2726 and TA2727 collaborate: TA2726 serves as the traffic distributor and facilitator, and TA2727 as the malware distributor.

FrigidStealer is delivered through a FakeUpdate campaign.

FakeUpdate campaigns, the alleged vector for FrigidStealer, occur when threat actors compromise legitimate websites and inject malicious JavaScript into their HTML, displaying fake alerts telling the user that a browser update must be installed.

The web inject profiles visitors through a traffic distribution system (TDS) and selects victims for infection based on their location, device, operating system, and browser. From the user's perspective the message appears legitimate, since it claims to come from Google or Safari and states that a browser upgrade is required to view the site. Clicking the "Update" button, however, downloads a malicious program disguised as the update.

The payload depends on the platform: Windows users receive an MSI installer that launches Lumma Stealer or DeerStealer, Mac users receive a DMG file that installs the new FrigidStealer infostealer, and Android users receive an APK file containing the Marcher banking trojan.

Because macOS Gatekeeper would otherwise block the file, Mac users are instructed to open the download manually by right-clicking it and selecting Open, after which they are prompted for their password, bypassing Gatekeeper's defences.
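The delivery pattern described above leaves a recognisable trace in proxy logs: one compromised page hands out OS-matched MSI, DMG and APK installers with browser-update names from a host that is not a browser vendor. The following Python check is an added example, not code from the article or from any vendor; the log lines, domain names and the VENDOR_HOSTS allowlist are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log excerpt: client, browser/OS, referrer page, downloaded URL.
SAMPLE_LOG = """\
10.0.0.5 Safari/macOS https://compromised-blog.example/post/1 https://cdn-updates.example/SafariUpdate.dmg
10.0.0.6 Chrome/Windows https://compromised-blog.example/post/1 https://cdn-updates.example/ChromeUpdate.msi
10.0.0.7 Chrome/Android https://compromised-blog.example/post/1 https://cdn-updates.example/chrome-update.apk
10.0.0.8 Chrome/Windows https://www.google.com/chrome/ https://dl.google.com/chrome/install/ChromeSetup.exe
10.0.0.9 Safari/macOS https://docs.example/guide https://docs.example/files/manual.pdf
"""
# Assumed allowlist of hosts that legitimately serve browser installers; tune per environment.
VENDOR_HOSTS = {"dl.google.com", "www.google.com", "www.apple.com", "support.apple.com"}
# Installer formats the campaign hands out per platform: MSI (Windows), DMG (macOS), APK (Android).
INSTALLER_EXT = re.compile(r"\.(msi|dmg|apk)$", re.IGNORECASE)
LURE_WORDS = re.compile(r"update|upgrade|chrome|safari|firefox|browser", re.IGNORECASE)

def is_fake_update_download(url: str) -> bool:
    """Flag an installer whose name mimics a browser update but is served off-vendor."""
    parsed = urlparse(url)
    if (parsed.hostname or "") in VENDOR_HOSTS:
        return False
    filename = parsed.path.rsplit("/", 1)[-1]
    return bool(INSTALLER_EXT.search(filename) and LURE_WORDS.search(filename))

def find_suspect_downloads(log_text: str) -> list[dict]:
    """Return every log entry whose download matches the fake-update pattern."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        client, agent, referrer, url = parts
        if is_fake_update_download(url):
            hits.append({"client": client, "os": agent.split("/")[-1],
                         "referrer": referrer, "url": url})
    return hits

def lure_pages(log_text: str) -> dict[str, list[str]]:
    """Referrer pages that served installers to two or more platforms: the TDS signature."""
    platforms = defaultdict(set)
    for hit in find_suspect_downloads(log_text):
        platforms[hit["referrer"]].add(hit["os"])
    return {ref: sorted(oses) for ref, oses in platforms.items() if len(oses) >= 2}

if __name__ == "__main__":
    for page, oses in lure_pages(SAMPLE_LOG).items():
        print(f"{page} handed out OS-matched installers for: {', '.join(oses)}")
```

A single hit may be a false positive, but one referrer serving installers tailored to several operating systems is worth treating as a compromised lure page.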

Over the past few years infostealer campaigns have grown significantly, making them a global concern, and they cause serious harm to both home users and companies.

These attacks commonly lead to financial fraud, data breaches, extortion, privacy violations, and ransomware. To avoid infostealer infections, never run commands or downloads prompted by websites, especially ones presented as patches, updates, or CAPTCHAs.

Users who may already have been infected by an infostealer should change their passwords on every site where they hold an account.
