Proofpoint has identified a new MacOS malware delivered via web inject campaigns that researchers dubbed “FrigidStealer.” The data protection company says the web inject campaign landscape is increasing,

Microsoft has observed a once formant macOS malware that has now began targeting Apple’s Xcode platform in a new, more enhanced variant. The Latest Tech News, Delivered to Your Inbox

Researchers warn of rising macOS-targeted attacks as hackers exploit fake updates to bypass security. FrigidStealer malware highlights growing enterprise risks.

They opted for the “fake update” distribution method, where victims would visit a compromised website which would serve a popup. That popup would warn users that they needed to update either their Macs, or their browsers, in order to view the contents of the website.

A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.

TA2726, per the enterprise security firm, acts as a TDS for TA2727 and another threat actor called TA569, which is responsible for the distribution of a JavaScript-based loader malware referred to as SocGholish (aka FakeUpdates) that often masquerades as a browser update on legitimate-but-compromised sites.

Fake browser updates are an easy way to trick unsuspecting users into downloading and installing malware which is why hackers keep using them in their attacks.

Threat actors are seen distributing the new macOS stealer in a web inject campaign, along with stealers for other operating systems.