New Malware Exploits Fake Updates to Steal Data

Sarah Johnson

March 3, 2025

Brief

A new malware, FrigidStealer, targets Mac users via fake browser updates, stealing sensitive data. Learn how to protect yourself from this rising cybersecurity threat in 2024.

Mac users, beware! A new and particularly nasty malware strain called FrigidStealer is making the rounds, and it’s not playing favorites. According to cybersecurity firm Proofpoint, this malware targets macOS users through fake browser updates and compromised websites. Once it sneaks into your system, it can steal browser cookies, password files, cryptocurrency data, and even your Apple Notes. Yes, even your notes aren’t safe anymore.

Here’s how it works: unsuspecting users click on deceptive update prompts on compromised websites, which then download a malicious DMG file. When executed, the malware demands the system password to gain elevated privileges. The result? A treasure chest of stolen sensitive data for cybercriminals. Proofpoint has identified two threat actors—TA2726 and TA2727—behind this operation, with TA2726 acting as a traffic distributor and TA2727 delivering FrigidStealer to Mac users. And it doesn’t stop at Macs. This campaign also targets Windows and Android devices, proving that these cybercriminals are equal-opportunity offenders.

There’s also a historical twist to this tale. Operations once attributed to another group, TA569 (a.k.a. Mustard Tempest, Gold Prelude, or Purple Vallhund), have now been reclassified under TA2726 and TA2727. For those keeping score, TA569 is linked to the notorious EvilCorp cybercrime syndicate, first identified in 2022. It seems the bad guys are leveling up their game.

Adding to the bigger picture, a report from threat intelligence platform KELA has revealed that infostealer malware infected 4.3 million machines in 2024, compromising a staggering 330 million credentials. And if that doesn’t make you double-check your password manager, 3.9 billion credentials from infostealer logs are circulating online. The takeaway? Infostealers are here to stay, and 2025 is shaping up to be no less dangerous.

So, how do you stay safe from threats like FrigidStealer and its ilk? Here are some practical steps:

  • Watch out for fake updates: Never download updates from pop-ups or random websites. Always use official sources like the App Store or the application’s official site.
  • Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security.
  • Use a password manager: Avoid storing passwords in your browser and opt for a dedicated password manager instead.
  • Be cautious with downloads: Stick to trusted sources and use antivirus software to detect suspicious activities.

Cybercriminals are getting smarter, and their tools—like malware-as-a-service platforms—are evolving just as quickly. It’s a chilling reminder that no platform, not even macOS, is immune to these threats. And while Apple has built a reputation for robust security, this is a wake-up call for the tech giant to step up its game.

Do you think companies like Apple are doing enough to counter these increasingly sophisticated threats? That’s a debate worth having. But for now, the best defense starts with you—smart browsing habits, strong passwords, and a healthy dose of skepticism when that pop-up urges you to update your browser.

Editor's Comments

It’s wild to think that even Apple Notes could be a target for malware. Imagine hackers sifting through grocery lists and personal musings—terrifying and oddly invasive. Also, the fact that cybercriminals are using AI to up their scam game should make all of us pause and double-check those update prompts!
