Summary: A newly discovered information-stealer malware called FrigidStealer is targeting macOS users through a compromised website that serves it as a fake browser update. Written in the Go programming language, it prompts users for their passwords and exfiltrates sensitive information, including browser cookies and cryptocurrency-related files, to a command-and-control server. The malware is distributed by a financially motivated group tracked as TA2727 and employs tactics similar to the group's previous campaigns against other platforms.
Affected: macOS users
Key points:
- FrigidStealer is delivered via a fake browser update on a compromised website.
- The malware prompts users for their passwords and harvests sensitive data, including browser cookies and Apple Notes.
- TA2727 uses redirection tactics, leveraging a traffic distribution service operated by TA2726.
Source: https://www.securityweek.com/new-frigidstealer-macos-malware-distributed-as-fake-browser-update/