Hackread reports that organizations across various sectors, especially retail and hospitality, have been increasingly targeted by the FrigidStealer macOS malware, which is spread through fraudulent browser updates to compromise sensitive information.
Attacks linked to TA2726 and TA2727 begin with the distribution of lures that prompt users to download a disk image file spoofing a Safari update. The malware uses AppleScript to bypass macOS Gatekeeper defenses and installs itself as a foreground application to steal system files, browser-stored credentials, cryptocurrency wallet details, and Apple Notes, according to findings from open-source cybersecurity provider Wazuh. In addition to using legitimate process names, FrigidStealer conceals its activity by deleting itself from the compromised system. Because the abuse of browser update prompts and system notifications presents a new level of cybersecurity risk, Wazuh has urged users to download software updates only from the Mac App Store or their devices' Software Update tool.