Cybersecurity researchers have identified a new malware campaign linked to a previously undocumented threat actor tracked as TA2727, which uses web injects to deliver a macOS information stealer known as FrigidStealer. Active since at least September 2022, TA2727 relies on fake browser-update lures and works alongside other threat actors such as TA2726, which acts as a traffic distribution system. These actors share a common tactic: compromised websites serve malicious JavaScript that mimics legitimate browser update prompts. This distribution strategy underscores a growing set of threats targeting macOS users.
The recent TA2727 campaign uses web injects to distribute FrigidStealer, a new macOS malware, highlighting a sophisticated approach to delivering malicious payloads.
TA2727's operations rely on fake update-themed lures to distribute malware. The group is part of a larger ecosystem of financially motivated threat actors.
The threat actor TA2726 operates as a malicious traffic distribution system (TDS), facilitating malware distribution through compromised web pages.
TA569 and TA2727 share a distribution method, malicious JavaScript injects that imitate browser update prompts, although TA2727's attack chains are distinct from TA569's.