macOS: Watch out for this malware that poses as a Safari or Chrome update


For once, it is neither Android nor Windows that is targeted by the latest malware to make the news, but macOS. In February 2025, Proofpoint's cybersecurity research team warned about FrigidStealer, a threat that can affect a large part of the users of Apple's operating system. This malware hides in fake updates for the Chrome and Safari browsers.


Be careful where you click on the web

Two threat actors, tracked as TA2726 and TA2727, appear to be behind this operation. It proceeds in several stages, which are classic for this kind of attack.

The first stage is to inject malicious JavaScript into websites. Those sites then display the fake alerts, inviting users to install an update that means them anything but good.

The criminals also use a TDS (Traffic Distribution System) and a system of filters to identify the people most likely to fall for these fake updates. Finally, if users click on the update, a DMG file is downloaded to the system. Once it is opened by following the instructions provided (which bypass Gatekeeper, the macOS security system that protects against malware), the malware has access to the system.

FrigidStealer wants your data and your crypto

Once in place, FrigidStealer steals the data stored in Safari or Chrome, such as login identifiers, passwords or cookies, and sends it to the attackers. But the worst is in store for those who hold cryptocurrencies, since the malware searches the whole computer to recover the passwords and private keys meant to protect virtual currencies.

In short, as always on the internet, be careful what you click on. For browser updates, always go directly through macOS or the menus of the application concerned.
