Macs under threat from new info-stealing malware spread through fake browser updates — how to stay safe

When it comes to staying safe online, one thing I always recommend is to keep your computer updated along with the software you use every day. The problem now is that hackers are capitalizing on this advice and, as you might have guessed, are using fake update prompts to spread dangerous info-stealing malware targeting Macs, PCs and even Android phones.
As reported by BleepingComputer, a new FakeUpdate campaign has been spotted online by security researchers at Proofpoint. What sets this campaign apart from previous ones is the fact that it’s being used to deliver a new Mac malware called FrigidStealer to the best MacBooks and other Apple computers.
Here’s everything you need to know about this new malware strain and how to avoid falling victim to a fake browser update attack along with some other tips and tricks to help you stay safe from hackers online.
An update you don’t want to install
Given how often software and app updates pop up on our computers and phones, it’s easy to ignore them and keep running outdated software even though doing so puts you at greater risk of coming down with a nasty malware infection.
Since update fatigue is a very real thing, the hackers behind this campaign have devised a clever way to trick potential victims into "updating" their web browsers. By compromising legitimate but vulnerable websites and injecting malicious JavaScript into them, they can make a site display anything they want, in this case full-page prompts impersonating Apple and Google that recommend a browser update.
For hackers and other cybercriminals, brand impersonation is one of the many tools in their arsenal, and the fake update prompts used in this campaign are very convincing. In the screenshot from Proofpoint's report, you can see how they've used the logos, fonts and each tech giant's respective style to entice unsuspecting users to click on the "Update" button in the middle of the page.
Clicking on this button downloads a malicious file disguised as an update, but what ends up on your device depends on your operating system. Windows users get an MSI installer that loads either the Lumma Stealer or Deer Stealer malware, while Mac users get a DMG file used to spread the new FrigidStealer malware. Meanwhile, if you fall for these fake updates on one of the best Android phones, you get an APK file containing the Marcher banking trojan.
Mac users who download the FrigidStealer malware thinking it's a browser update are told to right-click on the downloaded file and select "Open" to begin installing it. That instruction is itself the giveaway: macOS protects you from this sort of thing through Apple's Gatekeeper security technology, which refuses to launch software that isn't properly signed and notarized when you double-click it, and the right-click "Open" step is the manual override for that block. Once the app is running, it asks for your account password, and entering it hands the malware the access it needs. A genuine browser update never requires you to bypass Gatekeeper, so consider yourself warned.
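Before ever overriding Gatekeeper on something a website told you to install, it is worth seeing what macOS itself knows about the file. The following script is an added example (not code from the article or from Proofpoint's report) that runs the standard macOS tools `xattr`, `codesign` and `spctl` against a downloaded app bundle and refuses it unless Gatekeeper reports it as accepted. The `Update.dmg` and `/Volumes/Update/Update.app` paths in the usage comment are placeholders, not names from the campaign.

```shell
#!/bin/sh
# Added example: inspect a downloaded app before deciding to right-click > Open.
# Exit codes: 0 Gatekeeper accepted, 1 rejected or unsigned, 2 path missing,
# 3 not running on macOS (spctl unavailable).
assess_download() {
    item="$1"
    if [ ! -e "$item" ]; then
        echo "no such file: $item" >&2
        return 2
    fi
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; this check only runs on macOS" >&2
        return 3
    fi

    # Safari and Chrome tag downloads with the quarantine attribute; that flag is
    # what makes Gatekeeper evaluate the file on first launch.
    if xattr -p com.apple.quarantine "$item" >/dev/null 2>&1; then
        echo "quarantine attribute present (file came from the internet)"
    else
        echo "no quarantine attribute"
    fi

    # Who signed it, if anyone. A real Safari or Chrome update is signed by
    # Apple or Google; "no code signature" on a browser update is disqualifying.
    codesign -dv --verbose=2 "$item" 2>&1 |
        grep -E '^(Authority|TeamIdentifier)=' || echo "no code signature"

    # Gatekeeper's own verdict. Only "accepted" should ever apply to a browser
    # installer; anything else means the right-click > Open dialog would be
    # overriding a block that exists for exactly this situation.
    if spctl --assess --type execute -vv "$item" 2>&1 | grep -q 'accepted'; then
        echo "Gatekeeper: accepted"
        return 0
    fi
    echo "Gatekeeper: rejected. Do not right-click > Open to force it." >&2
    return 1
}

# Usage (placeholder paths): mount the disk image, then assess the app inside it.
#   hdiutil attach ~/Downloads/Update.dmg
#   assess_download "/Volumes/Update/Update.app"
```

Run it against the `.app` inside the mounted disk image rather than the `.dmg` itself, since `--type execute` is the assessment Gatekeeper performs when an application launches. If the verdict is anything other than accepted, eject the image and delete the download; the browser's own updater is where a real update comes from.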
Stealing data from Apple users
If a Mac user enters their password and lets FrigidStealer run on their computer, it immediately gets to work stealing sensitive and personal data.
For instance, this malware can extract saved cookies, usernames and passwords and any password-related files stored in either Safari or Chrome. At the same time, FrigidStealer also scans for crypto wallet credentials, reads and extracts any Apple Notes used for storing passwords, financial information and a whole lot more. It even steals documents, spreadsheets and any text files stored in your Mac’s home directory.
All of this stolen data is compiled into a hidden folder in your home directory and compressed before it's eventually sent back to a command and control (C2) server run by the hackers behind this campaign.
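That staging behaviour, a hidden folder in the home directory that suddenly fills with an archive, is something you can look for after the fact. The script below is an added example (not from the article or Proofpoint's report) of a generic triage heuristic, not a FrigidStealer signature: it lists hidden top-level directories under a home directory that changed within a given look-back window and contain a compressed archive. The archive extensions it checks for are an assumption about what "compressed" typically means, not indicators published for this malware.

```shell
#!/bin/sh
# Added example: find hidden directories directly under a home directory that were
# modified in the last N minutes and contain an archive file. Prints one path per line.
find_staging_dirs() {
    home="$1"     # directory to scan, normally "$HOME"
    minutes="$2"  # look-back window in minutes

    # -mindepth 1 keeps the scan root itself out of the results; -maxdepth 1 limits
    # it to direct children; -name '.*' selects dot-directories; -mmin restricts to
    # directories whose contents changed recently.
    find "$home" -mindepth 1 -maxdepth 1 -type d -name '.*' -mmin "-$minutes" 2>/dev/null |
    while IFS= read -r dir; do
        # Report the directory if it holds at least one archive (assumed extensions).
        if find "$dir" -type f \( -name '*.zip' -o -name '*.tar' -o -name '*.gz' \
                -o -name '*.tgz' -o -name '*.7z' \) 2>/dev/null | head -n 1 | grep -q .; then
            echo "$dir"
        fi
    done
}

# Usage: anything changed in the last hour under the current user's home.
#   find_staging_dirs "$HOME" 60
```

Expect some benign hits: package-manager caches and `.Trash` routinely hold archives. What makes a result worth a closer look is a directory you don't recognize whose archive contains your own browser profile data, notes or documents; at that point treat the machine as compromised, disconnect it from the network and change the passwords that were saved in Safari or Chrome from a different device.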
Basically, falling for a fake update campaign like this one not only compromises your Mac but could even put you at risk of identity theft if you have enough sensitive data stored on your computer.
How to stay safe from malware
Malware campaigns, and especially those targeting Macs, have grown sharply over the past few years. This is why you need to be extra careful online, update your devices and the software on them regularly, and consider investing in some extra protection.
In regard to fake browser updates like the ones seen in this campaign, neither Safari nor Google Chrome will ever prompt you to update because you navigated to a particular website. Safari is updated through macOS Software Update and Chrome through its own built-in updater, so a web page that tells you your browser needs updating to view its contents is a major red flag and that site should be avoided at all costs. You also want to look out for sites promising quick fixes to common problems, and you should avoid clicking on ads when possible, as malicious ads are another way hackers try to infect your devices and steal your data.
Although your Mac comes with built-in security software in the form of XProtect just like how Windows PCs ship with Windows Defender, you can use either in conjunction with the best Mac antivirus software or the best antivirus software respectively. If you use an Android phone, the same holds true for running one of the best Android antivirus apps alongside Google Play Protect to keep your device safe from malicious apps.
Antivirus software will help prevent your devices from becoming infected, but what if something malicious slips through the cracks? That's where the best identity theft protection services come into play. These services can help you get your identity back, and they can also help you recover any funds lost to fraud.
Hackers aren’t going to stop targeting Macs anytime soon as doing so has proven to be quite profitable. The same holds true for fake browser updates which is why you need to be careful online and educate yourself when it comes to spotting the signs of a potential malware attack or scam. If you keep your wits about you and ensure you think before you click though, you should be fine.