New malware exploits fake updates to steal data

Fox News

03-03-2025

Windows has always been a favorite target for hackers, but it seems they have now figured out how to actively target Macs as well. We've seen an alarming rise in malware affecting Mac computers, stealing personal data and cryptocurrency.
Threat actors are now using AI along with elaborate social engineering tricks to target Apple users, and the company doesn't seem to be doing much about it. Meanwhile, a cybersecurity report has identified a new Mac malware called FrigidStealer, which spreads through fake browser updates and compromised websites.
A new malware strain called FrigidStealer is targeting macOS users as part of a broader campaign involving fake update scams, cybersecurity firm Proofpoint reported. FrigidStealer spreads through compromised websites that display deceptive browser update prompts. When users click on these prompts, they unknowingly download a malicious DMG file. Once executed, the malware requests the user's system password to gain elevated privileges before stealing sensitive information, including browser cookies, password-related files, cryptocurrency data and Apple Notes.
Proofpoint identified two new threat actors behind the operation: TA2726, which functions as a traffic distribution service provider, and TA2727, which delivers FrigidStealer to Mac users. The campaign also deploys malware on Windows and Android devices, signaling a multi-platform attack strategy. The cybersecurity firm assessed with high confidence that TA2726 distributes traffic for other malware campaigns as well. Some operations previously attributed to TA569 have now been reclassified under TA2726 and TA2727.
TA569 – also known as Mustard Tempest, Gold Prelude and Purple Vallhund – is linked to the cybercrime syndicate EvilCorp and was first identified in 2022.
Proofpoint also assessed with moderate confidence that TA2727 purchases traffic through online forums to spread malware, which could be its own or that of potential clients.
"These are traffic sellers and malware distributors and have been observed in multiple web-based attack chains like compromised website campaigns," the report stated, "including those using fake update-themed lures."
Threat intelligence platform KELA reported that hackers using Lumma, along with StealC, Redline and other infostealers, infected 4.3 million machines in 2024, compromising an estimated 330 million credentials. Security researchers also observed 3.9 billion credentials circulating in lists that appear to originate from infostealer logs.
Infostealer malware is expected to remain a persistent threat in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more sophisticated, cybercriminals will likely continue relying on them as a primary tool for stealing credentials and infiltrating systems.
As infostealer malware continues to grow in sophistication, taking proactive steps to protect your data is more important than ever. Here are four key ways to safeguard yourself from threats like FrigidStealer, Lumma and other credential-stealing malware.
1) Beware of fake software updates: One of the most common infection methods is through deceptive browser update prompts. Never download updates from pop-ups or random websites. Instead, always update your software directly from official sources, such as the App Store or the application's official website. If in doubt, check out my detailed guide on how to keep your device and software updated.
2) Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a secondary verification method, such as a one-time code sent to your phone. Use 2FA for all critical accounts, including email, banking and cloud services.
3) Use a password manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager. Get more details about my best expert-reviewed Password Managers of 2025 here.
4) Be cautious with downloads and links. Use a strong antivirus: Infostealer malware often spreads through malicious downloads, phishing emails and fake websites. Avoid downloading software or files from untrusted sources and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats or cracked applications, so it is best to stick to official websites and app stores for downloads.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
As the digital landscape evolves, so do the nasty threats we face. FrigidStealer is just the latest reminder that no platform, not even macOS, is immune to the growing sophistication of cybercriminals. With infostealers like Lumma, StealC and Redline already compromising millions of devices and billions of credentials in 2024, the rise of AI-driven attacks and social engineering scams signals a challenging road ahead.
Do you think companies like Apple should be doing more to combat these evolving threats? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.