TA2726 & TA2727: Hackers Deploy Fake Updates to Spread Malware

Summary: The threat actors TA2726 and TA2727 have been identified using fake browser update scams to distribute malware across various platforms, notably introducing FrigidStealer, an information-stealing malware that targets macOS. These scams are attracting a growing number of copycat threat actors, which makes tracking harder for cybersecurity analysts. Malicious tactics include redirecting users to fake update pages, bypassing macOS security, and carrying out data theft efficiently.

Affected: macOS, Windows, and Android users

Key points:

  • Discovery of new malware FrigidStealer, targeting macOS users via fake browser update scams.
  • TA2726 serves as a Traffic Distribution Service, while TA2727 distributes multiple malware types across different operating systems.
  • Tactics include geographic filtering of malware payloads based on user location and device type.

Source: https://securityonline.info/ta2726-ta2727-hackers-deploy-fake-updates-to-spread-malware/