A new macOS malware called FrigidStealer is spreading through fake browser update alerts, allowing attackers to steal sensitive data, according to research from Proofpoint. This sophisticated campaign, embedded in legitimate sites, tricks users into bypassing macOS security measures. Once installed, the malware extracts browser cookies, stored passwords, cryptocurrency-related files, and Apple Notes – potentially exposing both personal and enterprise data.
Two newly identified threat actors operate parts of these web-inject campaigns:
- TA2726, which may act as a traffic distribution service for other threat actors.
- TA2727, a group that distributes FrigidStealer and malware for Windows and Android. They may use fake update alerts to enable malware and are…