Malware News New FrigidStealer infostealer infects Macs via fake browser updates

Gandalf_The_Grey

The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups, tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.

The new malware is delivered to Mac users, but the same campaign also uses Windows and Android payloads to cover a broad range of targets.

The new campaign was discovered by researchers at Proofpoint, who note that malicious JavaScript to display fake browser update messages is being adopted by a rising number of threat actors, making tracking and analysis increasingly tricky.

In this campaign, TA2726 and TA2727 work together, with the former acting as the traffic distributor and facilitator and the latter as the malware distributor.

TA2726 has been active since at least September 2022, selling traffic to other cybercriminals. It often leverages Keitaro TDS, a widely abused legitimate traffic distribution service.

TA2727 is a financially motivated threat group first identified in January 2025, deploying Lumma Stealer for Windows, Marcher for Android, and FrigidStealer for macOS.

To stay clear of infostealer infections, do not ever execute any commands or downloads prompted by websites, especially those pretending to be fixes, updates, or captchas.

For those who become infected with infostealers, you must change the passwords at every site where you have an account, especially if you use the same password at multiple sites.
 