New malware exploits fake updates to steal data

New malware exploits fake updates to steal data

Mac malware is on the rise, but here's how you can stay safe

by Kurt Knutsson
image_printPrint this article

Windows has always been a favorite target for hackers, but it seems they have now figured out how to actively target Macs as well. We’ve seen an alarming rise in malware affecting Mac computers, stealing personal data and cryptocurrency. Threat actors are now using AI along with elaborate social engineering tricks to target Apple users, and the company doesn’t seem to be doing much about it. Meanwhile, a cybersecurity report has identified a new Mac malware called FrigidStealer, which spreads through fake browser updates and compromised websites.

 

 

 

A macbook next to a coffee mug

 

What you need to know

A new malware strain called FrigidStealer is targeting macOS users as part of a broader campaign involving fake update scams, cybersecurity firm Proofpoint reported. FrigidStealer spreads through compromised websites that display deceptive browser update prompts. When users click on these prompts, they unknowingly download a malicious DMG file. Once executed, the malware requests the user’s system password to gain elevated privileges before stealing sensitive information, including browser cookies, password-related files, cryptocurrency data, and Apple Notes. Proofpoint identified two new threat actors behind the operation: TA2726, which functions as a traffic distribution service provider, and TA2727, which delivers FrigidStealer to Mac users. The campaign also deploys malware on Windows and Android devices, signaling a multi-platform attack strategy. The cybersecurity firm assessed with high confidence that TA2726 distributes traffic for other malware campaigns as well. Some operations previously attributed to TA569 have now been reclassified under TA2726 and TA2727.

TA569—also known as Mustard Tempest, Gold Prelude, and Purple Vallhund—is linked to the cybercrime syndicate EvilCorp and was first identified in 2022.

Proofpoint also assessed with moderate confidence that TA2727 purchases traffic through online forums to spread malware, which could be it’s own or that of potential clients. “These are traffic sellers and malware distributors and have been observed in multiple web-based attack chains like compromised website campaigns,” the report stated, “including those using fake update-themed lures.”

Fake browser screen

Proofpoint

 

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS

 

Infostealers are on the rise

Threat intelligence platform KELA reported that hackers using Lumma, along with StealC, Redline, and other infostealers, infected 4.3 million machines in 2024, compromising an estimated 330 million credentials. Security researchers also observed 3.9 billion credentials circulating in lists that appear to originate from infostealer logs.

Infostealer malware is expected to remain a persistent threat in 2025. With malware-as-a-service platforms on the rise and infostealers becoming more sophisticated, cybercriminals will likely continue relying on them as a primary tool for stealing credentials and infiltrating systems.

 

A person is using a laptop

 

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

More from CyberGuy
🔴 Free Live Class
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

Reserve your free spot

 

4 ways to stay safe from infostealer malware

As infostealer malware continues to grow in sophistication, taking proactive steps to protect your data is more important than ever. Here are four key ways to safeguard yourself from threats like FrigidStealer, Lumma, and other credential-stealing malware.

1) Beware of fake software updates: One of the most common infection methods is through deceptive browser update prompts. Never download updates from pop-ups or random websites. Instead, always update your software directly from official sources, such as the App Store or the application’s official website. If in doubt, check out my detailed guide on how to keep your device and software updated

 

2) Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA adds an extra layer of security by requiring a secondary verification method, such as a one-time code sent to your phone. Use 2FA for all critical accounts, including email, banking, and cloud services.

 

3) Use a Password Manager: Many infostealers target saved passwords in web browsers. Instead of relying on your browser to store credentials, use a dedicated password manager.  

One of the best password managers out there is NordPass. It is secure, user-friendly, and uses zero-knowledge architecture with military-grade XChaCha20 encryption to protect your data. NordPass works across Windows, macOS, Linux, Android, iOS, and major browsers and includes features like:
  • Unlimited password storage
  • Secure sharing
  • Password health reports
  • Auto-fill and emergency access
  • Data breach monitoring to alert you if your credentials have been exposed
  • A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
Use NordPass to check if your email or passwords have shown up in known data breaches, and take immediate action if they have.
 
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!

 

4) Be cautious with downloads and links, and use strong antivirus: Infostealer malware often spreads through malicious downloads, phishing emails, and fake websites. Avoid downloading software or files from untrusted sources, and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats, or cracked applications, so it is best to stick to official websites and app stores for downloads.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

One of the top solutions we recommend is Norton Antivirus Plus, which extends protection beyond just traditional virus scanning. While iPhones have strong built-in security, Norton adds an important extra layer by helping block malicious websites, phishing links, and unsafe downloads before they can cause harm. If you accidentally tap a bad link in an email, text message, or social media post, Norton helps prevent access to known dangerous sites using its continuously updated threat intelligence. If you are interested in a strong antivirus with phone customer service, we recommend Norton Antivirus Plus. This product includes:
  • Strong real-time protection against viruses, malware, ransomware and hacking attempts
  • AI-powered scam protection to help identify suspicious emails, texts and websites
  • Built-in password manager to securely store and manage logins
  • 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
  • Smart firewall and phishing protection
COVERAGE
  • Protects 1, 3 or 5 devices
  • Available for Windows, macOS, Android and iOS
  • Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
EXCLUSIVE CYBERGUY DEAL: 58% off (year 1) Please note that the above product is the core antivirus product. Norton may try to upsell additional products, but we don’t recommend them. We encourage you to decline those offers.

 

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

 

Kurt’s key takeaway

As the digital landscape evolves, so do the nasty threats we face. FrigidStealer is just the latest reminder that no platform, not even macOS, is immune to the growing sophistication of cybercriminals. With infostealers like Lumma, StealC, and Redline already compromising millions of devices and billions of credentials in 2024, the rise of AI-driven attacks and social engineering scams signals a challenging road ahead. 

Do you think companies like Apple should be doing more to combat these evolving threats? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

1 comment

Bob A. March 4, 2025 - 2:17 pm

It is not just Apple that needs to put effort into securing its software. All software creators need to step up to the plate. Also, the political candidate that puts cyber security at the top of their agenda will get my vote no matter what party.

Reply

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder