New malware exploits fake updates to steal data

Windows has long been a prime target for cybercriminals, but recent developments indicate that Mac users are now facing an escalating threat as well. The emergence of malware specifically designed to infiltrate macOS systems has raised alarms among cybersecurity experts. This surge in malicious activity is not just a coincidence; it reflects a broader trend where hackers are increasingly employing artificial intelligence and sophisticated social engineering tactics to exploit Apple users.

Among the most concerning new threats is a malware strain dubbed FrigidStealer, which has been identified by cybersecurity firm Proofpoint. This malware spreads through deceptive browser update prompts on compromised websites. When unsuspecting users click on these prompts, they inadvertently download a malicious DMG file. Once activated, FrigidStealer seeks elevated privileges by requesting the user’s system password, allowing it to pilfer sensitive information, including browser cookies, password files, cryptocurrency data, and even notes stored in Apple’s Notes app.

Identifying the Threat Actors

Proofpoint has traced the operations of FrigidStealer to two distinct threat actors: TA2726 and TA2727. TA2726 operates as a traffic distribution service provider, while TA2727 is responsible for delivering the malware to Mac users. This campaign is not limited to macOS; it also targets Windows and Android devices, indicating a multi-platform strategy that could pose risks across various operating systems. The cybersecurity firm has high confidence that TA2726 is involved in distributing traffic for other malware campaigns as well, with some operations previously attributed to another group, TA569, now reclassified under TA2726 and TA2727.

TA569, known by various aliases including Mustard Tempest and Gold Prelude, is linked to the notorious cybercrime syndicate EvilCorp, which has been active since 2022. Proofpoint has also assessed that TA2727 may purchase traffic through online forums to facilitate the spread of malware, whether it be their own or that of clients.

The Rise of Infostealers

The threat landscape is further complicated by the rise of infostealer malware. According to the threat intelligence platform KELA, hackers utilizing tools like Lumma, StealC, and Redline infected approximately 4.3 million machines in 2024, compromising an estimated 330 million credentials. Security researchers have noted that around 3.9 billion credentials are currently circulating in lists believed to originate from infostealer logs. As malware-as-a-service platforms proliferate and infostealers grow more sophisticated, the expectation is that these threats will remain a persistent issue into 2025.

Strategies for Protection

In light of these evolving threats, it is crucial for users to adopt proactive measures to safeguard their data. Here are four essential strategies to protect against infostealer malware:

  1. Beware of fake software updates: Deceptive browser update prompts are a common infection method. Always download updates directly from official sources, such as the App Store or the application’s website.
  2. Enable two-factor authentication (2FA): This adds an extra layer of security, requiring a secondary verification method, such as a one-time code sent to your phone, for critical accounts.
  3. Use a password manager: Rather than relying on your browser to store credentials, utilize a dedicated password manager to enhance security.
  4. Exercise caution with downloads and links: Avoid downloading software or files from untrusted sources, and always verify links before clicking. Strong antivirus software can provide additional protection against malicious downloads and phishing attempts.
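The first strategy above can be backed by telemetry as well as user awareness: the infection chain described for FrigidStealer starts with a fake browser update prompt that hands the user a DMG from a site that is not the browser vendor's. The following Python script, added here as an illustration and not code from Proofpoint or from the article, runs a simple heuristic over web-proxy log lines: a `.dmg` download completes, its filename imitates a browser update, and the serving host is not on an allowlist of vendor download hosts. The log format, the sample lines, the lure-word list and the allowlist entries are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Assumed allowlist of vendor hosts that legitimately serve browser installers.
# Example entries only: build the real list from your own environment.
TRUSTED_DOWNLOAD_HOSTS = {"dl.google.com", "download.mozilla.org"}

# Words a fake "browser update" lure typically puts in the installer name.
# Constructed for this example, not indicators taken from any real campaign.
LURE_WORDS = re.compile(r"chrome|firefox|safari|browser|update|installer", re.I)

# Constructed proxy log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


@dataclass
class Finding:
    client: str
    host: str
    filename: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed proxy log line; return None for lines that do not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": int(status)}


def classify(url: str) -> Optional[tuple]:
    """Return (host, filename, reason) when a URL looks like a fake-update DMG, else None.

    A DMG from an allowlisted vendor host is never flagged; a DMG from anywhere
    else is flagged only when its name imitates a browser update, which keeps
    ordinary DMG downloads from unknown hosts out of the alert stream.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1]
    if not filename.lower().endswith(".dmg"):
        return None
    if host in TRUSTED_DOWNLOAD_HOSTS:
        return None
    if LURE_WORDS.search(filename):
        return host, filename, "browser-update-style DMG served by a non-vendor host"
    return None


def scan(lines) -> list:
    """Run the heuristic over log lines; only completed (HTTP 200) downloads count."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        hit = classify(rec["url"])
        if hit:
            host, filename, reason = hit
            findings.append(Finding(rec["client"], host, filename, reason))
    return findings


# Constructed sample log: one vendor download, one fake-update lure that
# completed, the same lure that failed (404), one unrelated DMG, one junk line.
SAMPLE_LOG = [
    "2025-02-19T10:01:02Z 10.0.0.15 GET https://dl.google.com/chrome/mac/ChromeUpdate.dmg 200",
    "2025-02-19T10:02:10Z 10.0.0.15 GET http://cdn.compromised-site.test/dl/Chrome_Update.dmg 200",
    "2025-02-19T10:02:11Z 10.0.0.22 GET http://cdn.compromised-site.test/dl/Chrome_Update.dmg 404",
    "2025-02-19T10:03:00Z 10.0.0.30 GET http://files.example.test/dl/report.dmg 200",
    "not a log line",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} downloaded {f.filename} from {f.host}: {f.reason}")
```

Run on the constructed sample, only the second line is reported: the vendor-hosted installer is allowlisted, the 404 never delivered a file, and `report.dmg` carries no update lure. The allowlist is the part worth maintaining carefully; a heuristic like this is a triage signal for the helpdesk or SOC, not a block rule, and a hit should be followed by checking whether the client then prompted for the system password and whether browser cookie or Notes data left the machine.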

As the digital landscape continues to evolve, the threats posed by malware like FrigidStealer serve as a stark reminder that no platform is immune to cybercriminal activity. With the increasing sophistication of attacks, users must remain vigilant and informed to protect their personal information and digital assets.

Tech Optimizer