An Update on Fake Updates: Two New Actors, and New Mac Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, operating web inject campaigns. TA2726 acts as a traffic distribution service for TA569 and TA2727, while TA2727 delivers various malware payloads including a new macOS information stealer called FrigidStealer. The landscape of web inject campaigns is expanding, with multiple copycat actors using similar techniques, making it challenging to track distinct activities. These campaigns typically involve malicious injects, traffic distribution services, and ultimate payloads, sometimes managed by different actors. The attacks use fake browser update lures to deliver malware to Windows, Android, and now Mac systems.
OPENCTI LABELS:
socgholish, fake updates, lumma stealer, deerstealer, macos malware, frigidstealer, traffic distribution, gholoader, doiloader, marcher, web inject