Windows has always been a favorite target for hackers, but it seems they have now figured out how to actively target Macs as well. We’ve seen an alarming rise in malware affecting Mac computers, stealing personal data and cryptocurrency. Threat actors are now using AI along with elaborate social engineering tricks to target Apple users, and the company doesn’t seem to be doing much about it. Meanwhile, a cybersecurity report has identified a new Mac malware called FrigidStealer, which spreads through fake browser updates and compromised websites.
What you need to know
A new malware strain called FrigidStealer is targeting macOS users as part of a broader campaign involving fake update scams, cybersecurity firm Proofpoint reported. FrigidStealer spreads through compromised websites that display deceptive browser update prompts. When users click on these prompts, they unknowingly download a malicious DMG file. Once executed, the malware requests the user’s system password to gain elevated privileges before stealing sensitive information, including browser cookies, password-related files, cryptocurrency data, and Apple Notes. Proofpoint identified two new threat actors behind the operation: TA2726, which functions as a traffic distribution service provider, and TA2727, which delivers FrigidStealer to Mac users. The campaign also deploys malware on Windows and Android devices, signaling a multi-platform attack strategy. The cybersecurity firm assessed with high confidence that TA2726 distributes traffic for other malware campaigns as well. Some operations previously attributed to TA569 have now been reclassified under TA2726 and TA2727.
TA569—also known as Mustard Tempest, Gold Prelude, and Purple Vallhund—is linked to the cybercrime syndicate EvilCorp and was first identified in 2022.
Proofpoint also assessed with moderate confidence that TA2727 purchases traffic through online forums to spread malware, which could be it’s own or that of potential clients. “These are traffic sellers and malware distributors and have been observed in multiple web-based attack chains like compromised website campaigns,” the report stated, “including those using fake update-themed lures.”
Proofpoint
BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS
Infostealers are on the rise
Threat intelligence platform KELA reported that hackers using Lumma, along with StealC, Redline, and other infostealers, infected 4.3 million machines in 2024, compromising an estimated 330 million credentials. Security researchers also observed 3.9 billion credentials circulating in lists that appear to originate from infostealer logs.
Infostealer malware is expected to remain a persistent threat in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more sophisticated, cybercriminals will likely continue relying on them as a primary tool for stealing credentials and infiltrating systems.
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
4 ways to stay safe from infostealer malware
As infostealer malware continues to grow in sophistication, taking proactive steps to protect your data is more important than ever. Here are four key ways to safeguard yourself from threats like FrigidStealer, Lumma, and other credential-stealing malware.
1) Beware of fake software updates: One of the most common infection methods is through deceptive browser update prompts. Never download updates from pop-ups or random websites. Instead, always update your software directly from official sources, such as the App Store or the application’s official website. If in doubt, check out my detailed guide on how to keep your device and software updated.
2) Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a secondary verification method, such as a one-time code sent to your phone. Use 2FA for all critical accounts, including email, banking, and cloud services.
3) Use a Password Manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager.
One of the best password managers out there is NordPass. It is secure, user-friendly and uses zero-knowledge and military-grade XChaCha20 encryption to protect your data. It supports Windows, macOS, Linux, Android, iOS, and major browsers while offering unlimited password storage, secure sharing, password health reports, data breach monitoring, auto-fill, and emergency access.
4) Be cautious with downloads and links, and use strong antivirus: Infostealer malware often spreads through malicious downloads, phishing emails, and fake websites. Avoid downloading software or files from untrusted sources, and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats, or cracked applications, so it is best to stick to official websites and app stores for downloads.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
Kurt’s key takeaway
As the digital landscape evolves, so do the nasty threats we face. FrigidStealer is just the latest reminder that no platform, not even macOS, is immune to the growing sophistication of cybercriminals. With infostealers like Lumma, StealC, and Redline already compromising millions of devices and billions of credentials in 2024, the rise of AI-driven attacks and social engineering scams signals a challenging road ahead.
Do you think companies like Apple should be doing more to combat these evolving threats? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.