Files

osint-articles
- 2025-01-02 Hackers Hijack 35 Google Chrome Extensions in Phishing Campaign
- 2025-01-03 Malicious Obfuscated npm Package Deploys Quasar RAT
- 2025-01-06 Beware Fake Game Sites Steal Your Information
- 2025-01-07 Eagerbee Backdoor Targets Middle Eastern Government and ISPs
- 2025-01-07 FireScam Android Malware Poses as Telegram Premium to Steal Data
- 2025-01-09 Neglected Domains Fuel Malspam to Bypass Email Security Measures
- 2025-01-09 Researchers Expose NonEuclid RAT's Advanced Evasion Techniques
- 2025-01-10 CrowdStrike Job Offers Used to Deploy Crypto Miners
- 2025-01-10 Stealer Evades Detection with Apple XProtect Encryption
- 2025-01-10 Stealer Masquerades as LDAPNightmare PoC Exploit
- 2025-01-13 AI-Driven Ransomware FunkSec Targets 85 Victims with Double Extortion
- 2025-01-14 WordPress Skimmers Evade Detection by Injecting Malicious Code into Database Tables
- 2025-01-15 Hackers Use FastHTTP for High-Speed Microsoft 365 Password Attacks
- 2025-01-16 Hackers Exploit Google Search Ads to Hijack Google Ads Accounts
- 2025-01-17 Python-Based Malware Powers RansomHub's Exploitation of Network Flaws
- 2025-01-17 Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
- 2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers
- 2025-01-20 New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts
- 2025-01-21 DoNot Team Linked to New Tanzeem Android Malware for Intelligence Collection
- 2025-01-22 PNGPlug Loader Delivers ValleyRAT Malware to Chinese-Speaking Regions
- 2025-01-22 Ransomware Gangs Pose as IT Support in Microsoft Teams Phishing Attacks
- 2025-01-24 Cybercrime Connections Shared Codebase Links Morpheus and HellCat Ransomware
- 2025-01-24 Juniper VPN Gateways Under Siege The Stealthy Rise of Magic Packet Malware
- 2025-01-24 QakBot-Linked BC Malware Evolves with Enhanced Remote Access and Data Gathering
- 2025-01-27 Hacker Turns Tables on 18,000 Script Kiddies with Deceptive Malware Builder
- 2025-01-27 Hackers Exploit Windows RID Hijacking for Stealthy Admin Account Creation
- 2025-01-29 PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
- 2025-01-30 New Aquabotv3 Botnet Malware Targets Mitel Command Injection Vulnerability
- 2025-02-03 Crazy Evil Gang Exploits Crypto with Advanced Social Engineering and Malware
- 2025-02-03 Malvertising Scam Exploits Google Ads to Hijack Advertiser Accounts
- 2025-02-04 DeepSeek AI Tools Impersonated by Infostealer Malware on PyPI
- 2025-02-05 Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
- 2025-02-05 North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
- 2025-02-05 macOS Infostealers Exploiting macOS Environments
- 2025-02-06 Crypto-Stealing Apps Surface in Apple's App Store for the First Time
- 2025-02-06 Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials
- 2025-02-06 Sophos Warns of Novel SVG Phishing Tactics Bypassing Security Measures
- 2025-02-07 Fake Google Chrome Sites Spreading ValleyRAT Malware Through DLL Hijacking
- 2025-02-07 Kimsuky Hackers Deploy New Custom RDP Wrapper for Remote Access Exploits
- 2025-02-07 Microsoft Warns Exposed ASP.NET Keys Used for Malware Deployment
- 2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT
- 2025-02-13 BadPilot Network Hacking Fuels Russian Sandworm's Global Cyber Attacks
- 2025-02-14 FINALDRAFT Malware Exploits Microsoft Graph API for Espionage
- 2025-02-14 Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- 2025-02-17 Microsoft Hackers Steal Emails Using Device Code Phishing Attacks
- 2025-02-18 New Golang-Based Backdoor Leverages Telegram for Evasive C2 Operations
- 2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
  - endpoint-iocs.txt
  - iocs.txt
  - network-iocs.txt
  - readme.md
- 2025-02-20 Invisible Unicode Used in Phishing Trick
- 2025-02-20 Russian Phishing Campaigns Exploit Signal’s Device-Linking Feature
- 2025-02-25 New Malware Campaign Spreading via Cracked Software
- 2025-02-26 Auto-Color Linux Backdoor Targets North American Governments and Universities
- 2025-02-26 GitVenom Malware Campaign Hijacks GitHub Repos to Steal Cryptocurrency
- 2025-02-27 VSCode Extensions with 9 Million Installs Removed Due to Hidden Security Threats
- 2025-02-28 PayPal’s No-Code Checkout Exploited by Scammers in Sophisticated Ad Fraud Scheme
- 2025-03-04 Hackers Leverage AWS Misconfigurations for Phishing via SES and WorkMail
- 2025-03-04 New ClickFix Phishing Attack Unleashes Havoc C2 via Microsoft SharePoint
- 2025-03-05 New Polyglot Malware Targets Aviation and Satellite Firms in UAE
- 2025-03-06 Seven Malicious Go Packages Caught Deploying Malware on Linux and macOS Systems
- 2025-03-07 Akira Ransomware Exploits Unsecured Webcam to Encrypt Network and Evade EDR
- 2025-03-07 Malvertising Campaign Infected Nearly 1 Million PCs Worldwide
- 2025-03-10 Microsoft Warns of North Korean Hackers Using Qilin Ransomware in Cyberattacks
- 2025-03-11 Desert Dexter Malware Campaign Infects 900+ Victims via Facebook Ads and Telegram Links
- 2025-03-12 North Korean Lazarus Hackers Target Developers with Malicious npm Packages
- 2025-03-12 AI-Powered Fake GitHub Repos Distribute SmartLoader and Lumma Stealer Malware
- 2025-03-13 CISA Warns of Medusa Ransomware Targeting Over 300 Critical Infrastructure Organizations
- 2025-03-13 North Korean Android Spyware 'KoSpy' Sneaks Onto Google Play in Covert Campaign
- 2025-03-13 The Dark Side of Sports Betting Mirror Sites Fueling Gambling Scams
- 2025-03-14 ClickFix Phishing Campaign Targets Hospitality Sector with Fake Booking.com Emails
- 2025-03-14 Obscure#Bat Malware Campaign Deploys Rootkit via Fake CAPTCHA Pages
- 2025-03-14 SuperBlack Ransomware Exploits Fortinet Auth Bypass Flaws in Targeted Attacks
- 2025-03-17 Black Basta Ransomware Unleashes Automated VPN Brute-Forcing Tool 'BRUTED'
- 2025-03-18 New StilachiRAT Malware Targets Crypto Wallets and System Reconnaissance
- 2025-03-19 Unpatched Windows Zero-Day Fuels State-Sponsored Cyber Espionage Since 2017
- 2025-03-20 DollyWay Malware Campaign Compromises Over 20,000 WordPress Sites
- 2025-03-20 Dragon RaaS Pro-Russian Hacktivists Leverage Five Families Legacy in Cybercrime Push
- 2025-03-24 Medusa Ransomware Deploys Malicious ABYSSWORKER Driver to Neutralize Anti-Malware Defenses
- 2025-03-31 Crocodilus Malware Targets Android Users’ Crypto Wallets with Deceptive Overlays
- 2025-03-31 Morphing Meerkat PhaaS Leverages DNS-over-HTTPS to Slip Past Security Defenses
- 2025-04-01 North Korean Lazarus Group Deploys ClickFix Attacks to Target Crypto Industry
- 2025-04-02 Over 1,500 PostgreSQL Servers Hijacked in Stealthy Fileless Crypto Mining Campaign
- 2025-04-02 QR Code Phishing Surge Attackers Innovate with Redirects and Turnstile Evasion
- 2025-04-04 Hunters International Rebrands as World Leaks and Pivots to Pure Data Extortion
- 2025-04-04 Microsoft Flags Tax-Themed Phishing Surge Using PDFs and QR Codes to Deploy Malwar
- 2025-04-08 EncryptHub’s Double Game Cybercrime Turned Windows Bug Bounty Hunter
- 2025-04-08 Malicious VSCode Extensions Sneak Cryptominers onto Windows Systems
- 2025-04-11 AkiraBot’s AI-Powered Spam Campaign Hits 420,000 Websites with CAPTCHA-Evading Tactics
- 2025-04-11 Malicious npm Package Targets Crypto Wallets with Persistent Clipper Malware
- 2025-04-11 Russian Gamaredon Hackers Target Western Military Mission with Malicious USB Drives
- 2025-04-11 U.S. Toll Road Smishing Scams A Growing Threat to Drivers Nationwide
- 2025-04-15 BPFDoor’s Hidden Controller Fuels Stealthy Cyberespionage Across Asia and the Middle East
- 2025-04-15 ResolverRAT Malware Targets Global Pharma and Healthcare with Stealthy Phishing Attacks
- 2025-04-15 Slow Pisces Deploys Custom Python Malware in Coding Challenge Scam Targeting Crypto Developers
- 2025-04-18 57 Chrome Extensions with 6 Million Installs Caught with Hidden Tracking Code
- 2025-04-18 State-Sponsored Hackers from Iran, North Korea, and Russia Leverage ClickFix for Targeted Malware Attacks
- 2025-04-18 Windows NTLM Hash Leak Vulnerability Exploited in Phishing Attacks Targeting Governments
- 2025-04-21 Interlock Ransomware Gang Deploys ClickFix Attacks with Fake IT Tools to Breach Networks
- 2025-04-21 SuperCard X Android Malware Exploits NFC Relay Attacks for Payment Fraud
- 2025-04-22 Russian Bulletproof Host Proton66 Fuels Global Cyberattacks and Malware Surge
- 2025-04-22 State-Sponsored Hackers Adopt ClickFix Tactic for Sophisticated Espionage Campaigns
- template
threat-hunting-scripts
.gitignore
README.md

2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

added New FrigidStealer Malware Targets macOS Users via Fake Browser …

Feb 19, 2025

825e0a9 · Feb 19, 2025

Name	Name	Last commit message	Last commit date
parent directory ..
endpoint-iocs.txt	endpoint-iocs.txt	added New FrigidStealer Malware Targets macOS Users via Fake Browser …	Feb 19, 2025
iocs.txt	iocs.txt	added New FrigidStealer Malware Targets macOS Users via Fake Browser …	Feb 19, 2025
network-iocs.txt	network-iocs.txt	added New FrigidStealer Malware Targets macOS Users via Fake Browser …	Feb 19, 2025
readme.md	readme.md	added New FrigidStealer Malware Targets macOS Users via Fake Browser …	Feb 19, 2025

readme.md

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Cyber security researchers have uncovered FrigidStealer, a new macOS malware spread through fake browser updates. This malware is part of a broader campaign by the TA2727 group, also known for distributing malware on Windows and Android.

Key takeaways:

❄️ FrigidStealer Introduction: A new malware targeting macOS, exploiting fake browser update prompts.

🖥️ Attack Method: Uses web injects to redirect users to download pages, where they're tricked into installing the malware.

🔍 Threat Actor: Linked to TA2727, a group that targets Windows with Lumma Stealer and Android with Marcher.

🔓 Security Bypass: The malware requires manual launch to bypass macOS Gatekeeper, after which it steals sensitive data.

🚨 User Caution: macOS users should be wary of unexpected update notifications and only download from official sources.

🔗 https://buff.ly/3EKFYGY

Package Content

iocs.txt: List of all Indicators of Compromise (IOCs) in the article.
endpoint-iocs.txt: List of endpoint IOCs in the article.
network-iocs.txt: List of network IOCs in the article.

Note

Use the following scripts in threat-hunting-scripts to help you hunt:

verify-iocs-vt.py: Verify IOCs using VirusTotal Community API.
iocs-to-cs.py: Upload IOCs to CrowdStrike Falcon IOC Management for detection and blocking.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

readme.md

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Package Content

Files

2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Directory actions

More options

Directory actions

More options

Latest commit

History

2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Folders and files

parent directory

readme.md

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Package Content