New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Summary: Cybersecurity researchers have identified a new macOS malware called FrigidStealer, linked to a threat actor known as TA2727, that uses fake update lures to compromise users. This campaign, active since at least September 2022, also points to collaboration with other financially motivated threat actors such as TA2726 and TA569. The malware exploits web injects to collect sensitive information, targeting both enterprise and consumer users, particularly macOS users outside North America.

Affected: macOS users

Key points:

  • FrigidStealer is distributed through fake update notifications and requires the user to launch an unsigned app to bypass security measures.
  • The malware uses AppleScript to gain system access and harvest sensitive information from various applications.
  • TA2727’s operations leverage compromised websites to deliver tailored malware based on the user’s geography or device.

Source: https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html