• New Mac Infostealer Warning - Read This Before Updating Your Browser

    From RottenApples@21:1/5 to All on Mon Feb 24 00:24:51 2025
    XPost: misc.phone.mobile.iphone, talk.politics.guns, sac.politics
    XPost: alt.comp.os.windows-11

    There’s a very reasonable argument to suggest that Microsoft devices are
    more at risk than Apple ones, thanks to the number of Windows users and
    the accompanying effort that cybercriminals put into attempts to
    compromise them. That doesn’t mean that Windows is an inherently
    insecure operating system, however, and Windows 10 users are urged to
    upgrade, for free, to Windows 11 before Microsoft stops providing
    security support for the former. But I digress. The flip side of this
    argument is that it does not mean that macOS is a security haven just
    because there is less concerted effort to compromise devices. If your
    MacBook Pro gets breached or your data gets stolen, it will be cold
    comfort knowing that it was a lower-risk environment than your mate with
    a Windows machine, right?

    The truth of the matter is that new hacking groups are emerging all the
    time, along with new Mac malware threats that target your device. Two
    new criminal enterprises have been identified with one common and
    dangerous denominator: FrigidStealer Apple data theft attacks. Here’s
    what you need to know.

    New Mac Attack Groups Unveiled By Proofpoint Threat Researchers
    The Proofpoint security threat research team has confirmed that two new
    cybercrime attack groups are actively targeting users of the macOS
    platform.

    In a Feb. 18 report, An Update on Fake Updates, the security
    researchers detailed how the very dynamic web injection threat
    landscape has welcomed, if that’s the right word, two new and
    dangerous threat actors named as TA2726 and TA2727.

    “These are traffic sellers and malware distributors and have been
    observed in multiple web-based attack chains like compromised website
    campaigns,” the report stated, “including those using fake
    update-themed lures.” Critically, these hacking groups do not use
    email-based campaigns but instead rely upon using otherwise legitimate
    but ultimately comprom

    New Mac Infostealer Identified As FrigidStealer Malware
    The brand new macOS malware in question has been identified by the
    Proofpoint researchers as FrigidStealer. This is an out-and-out
    information stealer, targeting macOS devices and delivered by way of
    the aforementioned compromised websites using fake update prompts. The
    threat actors have been observed, the report stated, employing
    “sophisticated techniques including website compromises, redirection,
    and user agent filtering, to deliver tailored malware payloads based on
    geography and operating system.”

    Politely referring to the hackers as “creative,” Kunal Agarwal, CEO of
    dope.security, said that they have “filled the internet with traps and
    lures to trick the unsuspecting web surfer into putting something
    malicious on his device, whether it’s FrigidStealer or something
    else.” None of these attacks can work unless the victim has been lured
    into ending up somewhere they really shouldn’t be. In the case of
    FrigidStealer, that’s a website that is seemingly delivering a genuine
    web browser update. The reality is, of course, far from authentic. The
    update is nothing but a malware dropper. “For a payload like this to
    trigger, you first have to end up on a malicious site,” Agarwal said;
    “But a good web filtering solution should protect the average employee
    from the worst of it.” Don’t. Visit. These. Sites.

    The mitigation advice of don’t visit these websites sounds simple
    enough. But given the use of social engineering and web injection of
    genuine sites, is it that easy in practice? I’d argue that, yes, it
    really should be. After all, with a little bit of user training and
    awareness, the notion that a browser update prompt would appear on a
    random site is obviously a huge red flag. Browser updates can be best
    controlled in an enterprise environment through browser isolation and
    group policy. End users should be alert for anything unusual, such as
    an update prompt where one shouldn’t be. So, Mac users, be careful out
    there. Don’t visit these malicious sites, and if you do find yourself
    there somehow do not download anything and report it to your security
    team as soon as possible.

    https://www.forbes.com/sites/daveywinder/2025/02/21/new-mac-infostealer-warning-do-not-visit-these-sites/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
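The report quoted above describes user agent filtering used to hand a different payload to macOS and Windows visitors depending on geography. As an added example (not code from the Forbes article, the Proofpoint report, or anything attributed to TA2726 or TA2727), the block below models such a filtering inject on a constructed page and then runs the check a practitioner would actually want: fetch the same URL under several user agents, compare the bodies, and pull out any installer-type download paths. The user-agent strings, the `showUpdate` call, the `/dl/Update.*` paths and the US-only geo check are all assumptions invented for the example.

```python
import hashlib
import re
from typing import Callable, Dict, List

# Constructed user-agent strings (assumption: representative values for the
# example, not strings taken from the Proofpoint report or the article).
USER_AGENTS: Dict[str, str] = {
    "mac_safari": ("Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) "
                   "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15"),
    "win_chrome": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"),
    "linux_firefox": "Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0",
    "scanner": "python-requests/2.31.0",
}

# File extensions a fake "browser update" would plausibly hand out.
PAYLOAD_EXTENSIONS = ("dmg", "pkg", "exe", "msi")


def os_from_user_agent(ua: str) -> str:
    """Coarse OS classification of the kind a UA-filtering inject relies on."""
    if "Android" in ua:
        return "Android"
    if "Macintosh" in ua or "Mac OS X" in ua:
        return "macOS"
    if "Windows" in ua:
        return "Windows"
    if "Linux" in ua or "X11" in ua:
        return "Linux"
    return "unknown"


def simulated_inject_server(ua: str, country: str) -> str:
    """Constructed model (assumption) of a compromised site carrying a UA- and
    geo-filtered fake-update inject. Only visitors from the targeted country
    on a desktop OS get the lure; everyone else, including scanners, sees the
    untouched page. showUpdate and the /dl/ paths are invented for the example."""
    clean_page = "<html><body><h1>Example Blog</h1><p>Welcome back.</p></body></html>"
    if country != "US":
        return clean_page
    lure_by_os = {
        "macOS": '<script>showUpdate("Safari", "/dl/Update.dmg")</script>',
        "Windows": '<script>showUpdate("Chrome", "/dl/Update.exe")</script>',
    }
    lure = lure_by_os.get(os_from_user_agent(ua))
    if lure is None:
        return clean_page
    return clean_page.replace("</body>", lure + "</body>")


def find_update_lures(html: str) -> List[str]:
    """Return quoted download paths that point at installer-type files.
    Only reported when the page also mentions an 'update', to cut noise."""
    if "update" not in html.lower():
        return []
    pattern = r'["\']([^"\']*\.(?:' + "|".join(PAYLOAD_EXTENSIONS) + r'))["\']'
    return re.findall(pattern, html, flags=re.IGNORECASE)


def probe_cloaking(fetch: Callable[[str, str], str], country: str = "US") -> dict:
    """Fetch the same page under each user agent and compare body digests.
    Content that varies only with the user agent is not proof of an inject,
    but it is exactly the behaviour the report describes and merits a closer
    look. fetch(ua, country) is the caller's retrieval function."""
    digests = {}
    lures = {}
    for name, ua in USER_AGENTS.items():
        body = fetch(ua, country)
        digests[name] = hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
        lures[name] = find_update_lures(body)
    return {
        "digests": digests,
        "ua_dependent": len(set(digests.values())) > 1,
        "lures": {k: v for k, v in lures.items() if v},
    }


if __name__ == "__main__":
    report = probe_cloaking(simulated_inject_server)
    print("UA-dependent content:", report["ua_dependent"])
    for name, paths in report["lures"].items():
        print(f"  {name}: {paths}")
```

Swapping `simulated_inject_server` for a fetch function built on `urllib.request` that sets the User-Agent header lets the same probe check a live URL from an isolated analysis host. Differing digests on their own are weak evidence, since plenty of legitimate sites vary content by browser, which is why the installer-type paths are reported separately: a page that only serves a `.dmg` to Macintosh user agents and only an `.exe` to Windows ones is the pattern worth escalating.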