FrigidStealer malware is a new cybersecurity threat targeting macOS users through fake browser updates, a recent report warns. Attackers inject malicious scripts into compromised websites, tricking users into downloading malware.
How the Attack Works
The attack originates from TA2727, a cybercriminal group that uses fake update lures to spread malware. These attackers distribute multiple info-stealers, including Lumma Stealer for Windows and Marcher for Android.
Hackers compromise legitimate websites and insert JavaScript-based injects. When users visit these infected sites, they see fake browser update prompts for Chrome or Safari. If they download the fake update, FrigidStealer installs on macOS.
FrigidStealer’s Capabilities
FrigidStealer requires users to manually open the installer, bypassing macOS security. Once executed, it harvests system files, browser data, Apple Notes, and cryptocurrency wallet information. The malware uses AppleScript to trick users into entering system passwords, granting elevated privileges.
Reports indicate that FrigidStealer is built with WailsIO, a tool that renders browser-like interfaces, making it appear legitimate. This enhances its social engineering tactics, increasing infection rates.
Broader Threat Landscape
This campaign is part of a larger cybercrime network. Another group, TA2726, manages malicious traffic distribution, helping TA2727 and other hackers spread malware. These actors primarily target enterprise users but have now expanded to macOS consumers worldwide.
Security researchers have also discovered other macOS threats, including Tiny FUD, a stealthy backdoor, and new information stealers like Astral Stealer and Flesh Stealer. These threats evade detection and steal sensitive user data.
How to Prevent This Attack
Users must avoid downloading browser updates from pop-ups or unverified sources. Instead, they should only update software directly from official websites. Additionally, enabling Gatekeeper and XProtect helps block unsigned apps.
Organizations should train employees to recognize phishing tactics and regularly audit website security to prevent malicious script injections. Keeping macOS security tools updated is crucial to blocking these evolving threats.
