Cybercriminals are ramping up their use of fake software updates to distribute malware, and Mac users are in the crosshairs with a new strain.
Apple iMac
Apple iMac
Researchers have identified two new threat actors, TA2726 and TA2727, who are using web inject campaigns to deliver malware. These actors use fake update lures — often presented as browser updates — to trick users into downloading harmful software, including a newly discovered macOS malware called FrigidStealer.
Historically, the threat actor TA569 and its SocGholish web injects dominated the fake update space, often leading to ransomware attacks. However, beginning in 2023, copycat actors began emerging, complicating efforts to track these threats.