Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware

Security researchers at Proofpoint have uncovered a sophisticated web inject campaign targeting MacOS users with a new information-stealing malware called FrigidStealer. The operation involves two newly identified threat actors, TA2726 and TA2727, collaborating to compromise legitimate websites and redirect victims to fake browser update pages. As organizations harden email defenses, threat actors increasingly exploit compromised websites and abused CDNs to bypass traditional security perimeters. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. North American users are funneled to TA569’s SocGholish malware, while European and Asian traffic is directed to TA2727’s payload delivery system. For Mac users, researchers at Proofpoint noted that this results in a tailored attack: Safari or Chrome users see forged update prompts that download FrigidStealer via weaponized DMG files. TA2727 coordinates payload delivery through domains like deski[.]fastcloudcdn[.]com, which serve geographically filtered scripts to Windows, Android, and Mac users. Security teams should prioritize detecting traffic to TA2726’s TDS infrastructure (blackshelter[.]org, rednosehorse[.]com) and monitor for suspicious AppleScript activity. The attack chain begins when TA2726, a traffic distribution service (TDS) operator, injects malicious JavaScript into compromised websites. Proofpoint’s Emerging Threats ruleset now includes signatures to block these domains, while endpoint solutions must scrutinize ad-hoc signed binaries claiming to be browser updaters. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Regular patching, user education about fake updates, and restricting unsigned application executions remain critical defenses against these evolving threats. The malware employs advanced social engineering tactics, using WailsIO frameworks to render browser-like interfaces that mimic legitimate installers. Victims receive instructions to right-click and “Open” the malicious application, bypassing macOS Gatekeeper protections.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 20:35:07 +0000

Cyber News related to New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware

New FrigidStealer infostealer infects Macs via fake browser updates - Windows users get an MSI installer that loads Lumma Stealer or DeerStealer, Mac users receive a DMG file that installs the new FrigidStealer malware, and Android users receive an APK file that contains the Marcher banking trojan. FakeUpdate ...
6 months ago Bleepingcomputer.com

New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware - Security researchers at Proofpoint have uncovered a sophisticated web inject campaign targeting MacOS users with a new information-stealing malware called FrigidStealer. The operation involves two newly identified threat actors, TA2726 and TA2727, ...
6 months ago Cybersecuritynews.com

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com

Cybersecurity Awareness Campaigns in Education - Cybersecurity awareness campaigns in education are essential to protect digital systems and information. The target audience for cybersecurity awareness campaigns in education includes students, teachers, administrators, and other staff members. ...
1 year ago Securityzap.com

Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates - This division of labor allows TA2726 to handle website compromises and traffic filtering, while TA2727 deploys tailored payloads, including FrigidStealer for macOS, Lumma Stealer for Windows, and Marcher banking trojan for Android. Cybersecurity firm ...
6 months ago Cybersecuritynews.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

The Invisible Storm: Why Cloud Malware Is Your Business's New WeatherEmergency - Protecting your business from cloud malware requires a fundamental shift in security thinking, as traditional defenses simply weren’t designed for these sophisticated airborne threats. Recent research by Cloud Storage Security identified ...
3 months ago Cybersecuritynews.com

RustDoor malware targets macOS users by posing as a Visual Studio Update - A new malware called RustDoor is targeting macOS users. The malware has been undetected for 3 months, and poses as a Microsoft Visual studio Update. ADVERTISEMENT. The malware was discovered by Bitdefender. Bitdefender products identify the malware ...
1 year ago Ghacks.net

Top 10 Best Dynamic Malware Analysis Tools in 2025 - FireEye Malware AnalysisEnterprise-grade solution, zero-day detection, integration with threat intelligence, memory forensics.Enterprise-grade malware detection and forensicsPricing details not publicly available; contact for quote.Yes6. Detux ...
6 months ago Cybersecuritynews.com

Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
1 year ago Darkreading.com Hunters

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

February 2024's Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign - Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to ...
1 year ago Blog.checkpoint.com

Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
1 year ago Darkreading.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com