Cybercriminals are ramping up their use of fake software updates to distribute malware, and Mac users are in the crosshairs with a new strain. Researchers have identified two new threat actors, TA2726 and TA2727, who are using web inject campaigns to deliver malware. These actors use fake update lures — often presented as browser updates — to trick users into downloading harmful software, including a newly discovered macOS malware called FrigidStealer.
Historically, the threat actor TA569 and its SocGholish web injects dominated the fake update space, often leading to ransomware attacks. However, beginning in 2023, copycat actors began emerging, complicating efforts to track these threats. The influx of new players using similar tactics has made it difficult for analysts to distinguish between threat actors and their campaigns, according to Proofpoint, the team behind the discovery.
FrigidStealer is a new information-stealing malware specifically aimed at macOS. The malware is delivered through compromised websites, which present fake browser update prompts to visitors. If a Mac user clicks the "Update" button, they unknowingly download a malicious DMG file.
Once installed, FrigidStealer uses AppleScript, run through osascript, to collect sensitive data, including browser cookies, cryptocurrency-related files, and even Apple Notes. Locked notes in Apple Notes are end-to-end encrypted, but any unlocked notes, or notes stored as plain files in the Desktop or Documents folders, are within the malware's reach.
The stolen data is then sent to a command-and-control server at askforupdate[.]org. The attack chain starts when a user visits a compromised website. TA2726's traffic distribution system (TDS) redirects them to a malicious domain controlled by TA2727. Depending on the user's device and browser, they receive tailored fake update prompts. For Mac users, the lure appears as a legitimate Google Chrome or Safari update.
When the "Update" button is clicked, the malicious DMG file is downloaded, and the installation process prompts the user to bypass macOS Gatekeeper security. FrigidStealer then runs a Mach-O executable built with WailsIO, making the fake installer appear authentic.
The malware extracts sensitive data and exfiltrates it to its command-and-control server, completing the attack. To stay safe from fake update scams, always be wary of unexpected software update prompts, especially if they appear while browsing the web. Next, instead of clicking on pop-ups, go directly to the official website or open the app's built-in update function to ensure you're getting legitimate software.
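The behaviours described above (osascript launched by an app running out of a mounted DMG, reads of browser cookie and Apple Notes data, and DNS lookups for the command-and-control domain) can be turned into simple endpoint detection logic. The script below is an added example written for this article, not code from the researchers or from any vendor product. The telemetry it processes is constructed sample data, and the file-path substrings it treats as sensitive are assumptions chosen for illustration; only the C2 domain comes from the article.

```python
from dataclasses import dataclass, field

# C2 domain named in the article (written there defanged as askforupdate[.]org).
C2_DOMAINS = {"askforupdate.org"}

# Path fragments that point at the kinds of data the article says the stealer
# collects. These substrings are assumptions for this example, not indicators
# published with the research.
SENSITIVE_PATH_HINTS = {
    "/Library/Application Support/Google/Chrome/": "Chrome profile data (cookies)",
    "/Library/Cookies/": "Safari cookies",
    "group.com.apple.notes": "Apple Notes store",
    "wallet": "cryptocurrency wallet file",
}


@dataclass
class ProcEvent:
    """One process-execution record from (constructed) endpoint telemetry."""
    pid: int
    exe: str                     # path of the binary that ran
    parent_exe: str              # path of the parent process's binary
    files_read: list[str] = field(default_factory=list)


@dataclass
class DnsEvent:
    """One DNS query record, attributed to the querying process."""
    pid: int
    query: str


def launched_from_dmg(path: str) -> bool:
    """Apps run straight out of a mounted disk image live under /Volumes/."""
    return path.startswith("/Volumes/")


def process_findings(ev: ProcEvent) -> list[str]:
    """Return human-readable findings for a single process event."""
    findings = []
    name = ev.exe.rsplit("/", 1)[-1]
    if name == "osascript" and launched_from_dmg(ev.parent_exe):
        findings.append("osascript spawned by an app running from a mounted DMG")
    touched = {desc for hint, desc in SENSITIVE_PATH_HINTS.items()
               if any(hint in f for f in ev.files_read)}
    if launched_from_dmg(ev.parent_exe) and touched:
        findings.append("DMG-launched process read: " + ", ".join(sorted(touched)))
    return findings


def dns_findings(ev: DnsEvent) -> list[str]:
    """Flag queries for the C2 domain or any of its subdomains."""
    q = ev.query.lower().rstrip(".")
    if any(q == d or q.endswith("." + d) for d in C2_DOMAINS):
        return [f"DNS query for known C2 domain {q}"]
    return []


def detect(procs: list[ProcEvent], dns: list[DnsEvent]) -> dict[int, list[str]]:
    """Correlate findings by pid so one alert carries the whole picture."""
    alerts: dict[int, list[str]] = {}
    for ev in procs:
        if (f := process_findings(ev)):
            alerts.setdefault(ev.pid, []).extend(f)
    for ev in dns:
        if (f := dns_findings(ev)):
            alerts.setdefault(ev.pid, []).extend(f)
    return alerts


# Constructed sample telemetry: one benign browser, one fake "Chrome update"
# launched from a DMG that runs osascript, and one legitimate osascript use.
SAMPLE_PROCS = [
    ProcEvent(pid=501, exe="/Applications/Safari.app/Contents/MacOS/Safari",
              parent_exe="/sbin/launchd"),
    ProcEvent(pid=742, exe="/usr/bin/osascript",
              parent_exe="/Volumes/Chrome Update/ChromeUpdate.app/Contents/MacOS/ChromeUpdate",
              files_read=[
                  "/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies",
                  "/Users/alice/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite",
              ]),
    ProcEvent(pid=760, exe="/usr/bin/osascript",
              parent_exe="/Applications/Script Editor.app/Contents/MacOS/Script Editor"),
]
SAMPLE_DNS = [
    DnsEvent(pid=501, query="www.apple.com"),
    DnsEvent(pid=742, query="askforupdate.org"),
]

if __name__ == "__main__":
    for pid, findings in detect(SAMPLE_PROCS, SAMPLE_DNS).items():
        print(pid, findings)
```

Run as-is, only pid 742 is reported, with all three findings attached to it; the osascript run from Script Editor produces nothing because its parent is not on a mounted disk image. In a real deployment the process and DNS events would come from an EDR or from macOS Endpoint Security, and the parent-on-/Volumes/ check is the piece most worth keeping, since legitimate browser updates never arrive as a DMG that a web page told you to open.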
Finally, keeping your security software up to date will help detect and block potential threats.

Andrew is a writer and commentator who has been sharing his insights on technology since 2015. He has authored numerous online articles covering a range of topics including Apple, privacy, and security. Andrew joined ...