New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Listen to this Post

Cyber security researchers have uncovered FrigidStealer, a new macOS malware spread through fake browser updates. This malware is part of a broader campaign by the TA2727 group, also known for distributing malware on Windows and Android.

Key takeaways:

  • FrigidStealer : A new malware targeting macOS, exploiting fake browser update prompts.
  • Attack Method: Uses web injects to redirect users to download pages, where they’re tricked into installing the malware.
  • Threat Actor: Linked to TA2727, a group that targets Windows with Lumma Stealer and Android with Marcher.
  • Security Bypass: The malware requires manual launch to bypass macOS Gatekeeper, after which it steals sensitive data.
  • User Caution: macOS users should be wary of unexpected update notifications and only download from official sources.

Practice Verified Codes and Commands:

1. Check for Malicious Processes on macOS:

ps aux | grep -i "FrigidStealer"

2. Monitor Network Connections:

lsof -i -n -P

3. Scan for Malicious Files:

sudo find / -name "<em>FrigidStealer</em>"

4. Check for Unauthorized Launch Agents:

ls -la /Library/LaunchAgents/

5. Verify Browser Extensions:

ls -la ~/Library/Application\ Support/Google/Chrome/Default/Extensions/

6. Remove Suspicious Files:

sudo rm -rf /path/to/suspicious/file

7. Update macOS Security Settings:

sudo spctl --master-enable

8. Check for Unauthorized Certificates:

security find-identity -v -p codesigning

9. Monitor System Logs:

log show --predicate 'eventMessage contains "FrigidStealer"' --info

10. Block Malicious IPs:

sudo pfctl -t blocklist -T add 192.168.1.1

What Undercode Say:

The discovery of FrigidStealer underscores the importance of vigilance in the face of evolving cyber threats. macOS users, often perceived as less vulnerable, are increasingly targeted by sophisticated malware campaigns. The TA2727 group’s use of fake browser updates highlights the need for users to verify the authenticity of software updates and downloads.

To mitigate such threats, users should regularly update their systems, employ robust security tools, and remain cautious of unsolicited update prompts. The provided commands and codes offer practical steps to detect and remove FrigidStealer, ensuring a more secure computing environment.

In addition to these measures, users should consider implementing advanced threat detection systems and regularly review their system logs for unusual activity. The integration of comprehensive cybersecurity practices, such as regular backups and the use of multi-factor authentication, can further enhance protection against malware like FrigidStealer.

For more detailed information on FrigidStealer and related threats, visit the following URLs:
Threat Hunting Package
FrigidStealer Details

By staying informed and proactive, users can significantly reduce their risk of falling victim to such malicious campaigns. The cybersecurity landscape is ever-changing, and continuous education and adaptation are key to maintaining a secure digital presence.

References:

Hackers Feeds, Undercode AIFeatured Image