Date: 2025-02-20

Proofpoint has identified a new macOS malware, delivered via web inject campaigns, that researchers have dubbed “FrigidStealer.”

The data protection company says the web inject campaign landscape is growing, with a variety of copycat threat actors conducting similar campaigns, which can make the activity difficult for analysts to track. From the report:

“The malicious website injects threat landscape is incredibly dynamic with multiple threat actors leveraging this malware delivery method. Typically, an attack chain will consist of three parts: the malicious injects served to website visitors, which are often malicious JavaScript scripts; a traffic distribution service (TDS) responsible for determining what user gets which payload based on a variety of filtering options; and the ultimate payload that is downloaded by the script. Sometimes each part of the attack chain is managed by the same threat actor, but frequently the different parts of the chain may be managed by different threat actors.”

To stay safe from malware scams, be suspicious of unexpected (and unusual-sounding) prompts to update your software, especially if they appear while browsing the web. Instead of clicking on pop-ups (which we don’t have at Apple World Today), go directly to the related website or open the app’s built-in update function to ensure you’re getting legitimate software. And you should keep all security software up to date.

