Thanks to features like Gatekeeper and XProtect, the macOS ecosystem is known to be much less vulnerable to malware than its counterparts. However, it seems like bad actors have started to catch up. Recently, a new malware, FrigidStealer, has been targeting unsuspecting Mac users and stealing their data. Here’s what FrigidStealer is, how it works, and, most importantly, how you can protect your Mac from being infected.
What is FrigidStealer and What Does it Do?
FrigidStealer is a recently identified malware specifically designed to target Mac users and steal sensitive information. According to Proofpoint, the cybersecurity firm that discovered the malware, FrigidStealer is an “infostealer” that is typically delivered through fake browser pop-ups claiming that your web browser needs an urgent update. These prompts, often encountered on infected web pages, trick unsuspecting users into downloading a malicious file disguised as a legitimate update for Safari or Google Chrome.
Once it’s installed, FrigidStealer goes to work quietly in the background. It’s built using a framework that makes its fake installer look authentic, even going as far as asking users to enter their Mac’s password to bypass Gatekeeper and manually approve the app. After gaining access, it can steal a trove of personal data, including login credentials, stored cookies, credit card details, and even cryptocurrency wallets.
FrigidStealer is particularly dangerous because, unlike traditional malware, it often goes undetected by basic antivirus programs. FrigidStealer has been linked to two new threat actors named TA2726 and TA2727. Both seem to have originated from a financially motivated cybercrime syndicate, EvilCorp.
How to Protect Your Mac from a FrigidStealer Infection
Common signs of a FrigidStealer infection include suspicious login attempts from unknown devices and unusually high system resource usage. In most instances, you can prevent an infection from occurring if you’re vigilant enough. That said, here are some useful tips to help you protect your Mac from FrigidStealer:
1. Avoid Opening Suspicious Links and Files
FrigidStealer generally infects a Mac through phishing attacks disguised as a download, delivered via suspicious links or files. To safeguard yourself, you must be cautious about any emails, messages, and websites asking you to open links or attachments, especially if you can’t verify the safety of the source.
Before clicking a link, check that its URL starts with https:// and doesn’t contain unusual characters. Likewise, avoid downloading any unknown file ending in .dmg.
2. Only Update Apps from a Trusted Source
As FrigidStealer can exploit outdated software by masquerading as a legitimate update, you should only update your apps through trusted sources, such as the Mac App Store or their official website. You must ignore any third-party websites or pop-ups prompting you to update apps, as they may contain malware.
You can have your Mac install new software and app updates automatically. This way, you can be sure that you’re running the latest, most secure version of apps without falling prey to fake software updates.
3. Avoid Downloading Unverified Software
Avoid downloading apps from random sources and stick to the Mac App Store or the official websites of trusted developers. While Gatekeeper does warn you about unverified apps, it’s important that you don’t click Open Anyway to circumvent the restriction. By downloading apps from verified sources, you can minimize the chances of infecting your Mac with FrigidStealer or similar infostealers.
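As an added example (not code from the article or from Proofpoint), this POSIX shell script shows how a cautious user can examine a downloaded .dmg or .app from the command line before double-clicking it: it reads the quarantine attribute that Safari and Chrome attach to downloads, looks up the recorded download URL, and runs the same Gatekeeper assessment Finder applies, covering both the .dmg advice in tip 1 and the Gatekeeper advice in tip 3. The attribute layout, the quarantine database path and its column names are assumptions based on macOS behaviour, not content from the article.

```shell
#!/bin/sh
# Added example (not from the article): inspect a downloaded installer's
# com.apple.quarantine attribute and ask Gatekeeper for a verdict before opening it.
# Assumed attribute layout: "flags;hex-unix-time;downloading-agent;event-uuid".

# Pure POSIX-shell parser, so the logic can be exercised on any system.
# Prints one line: flags=... agent=... epoch=... event=...
parse_quarantine() {
  q="$1"
  flags=$(printf '%s' "$q" | cut -d';' -f1)
  ts_hex=$(printf '%s' "$q" | cut -d';' -f2)
  agent=$(printf '%s' "$q" | cut -d';' -f3)
  event=$(printf '%s' "$q" | cut -d';' -f4)
  case "$ts_hex" in
    *[!0-9a-fA-F]*|'') epoch=unknown ;;   # malformed or missing timestamp field
    *) epoch=$((0x$ts_hex)) ;;             # hex seconds since the Unix epoch
  esac
  [ -n "$agent" ] || agent=unknown
  printf 'flags=%s agent=%s epoch=%s event=%s\n' "$flags" "$agent" "$epoch" "$event"
}

# macOS only: inspect a .dmg or .app and run the Gatekeeper assessment that
# Finder applies on first launch. Returns 0 only if Gatekeeper accepts the item.
check_download() {
  f="$1"
  q=$(xattr -p com.apple.quarantine "$f" 2>/dev/null) || {
    echo "no quarantine attribute on $f: it did not arrive through a browser download"
    return 2
  }
  info=$(parse_quarantine "$q")
  echo "$info"
  # The download URL is kept in the LaunchServices quarantine database (assumed path/schema).
  # The event id comes from file metadata, so only a plain UUID is allowed into the query.
  ev=${info##*event=}
  db="$HOME/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"
  case "$ev" in
    *[!0-9A-Fa-f-]*|'') echo "download URL: unavailable" ;;
    *) [ -r "$db" ] && sqlite3 "$db" \
         "select LSQuarantineDataURLString from LSQuarantineEvent where LSQuarantineEventIdentifier='$ev';" ;;
  esac
  case "$f" in
    *.dmg) spctl --assess --type open --context context:primary-signature -vv "$f" ;;
    *)     spctl --assess --type exec -vv "$f" ;;
  esac
}

# Usage on a Mac: check_download ~/Downloads/SomeInstaller.dmg
```

A non-zero exit from spctl means Gatekeeper would reject the item; that is the moment to delete the download rather than reach for Open Anyway.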
4. Enable Two-Factor Authentication
Two-factor authentication (2FA) provides an excellent method to safeguard your Mac from FrigidStealer and other malware. By adding a secondary layer of security, such as a code sent to your phone number or generated by an authenticator app, two-factor authentication can help fend off unauthorized access to your accounts.