216.73.217.139

An Update on Fake Updates: Two New Actors, and New Mac Malware

· Published 18/02/2025 15:38 · Modified 18/02/2025 17:55

Export JSON

Essential information

Published
18/02/2025 15:38
Modified
18/02/2025 17:55
Tags
2025-02-18 deerstealer doiloader fake updates frigidstealer gholoader lumma stealer macos malware marcher socgholish traffic distribution web inject
Related entities
10 observables, 1 intrusion sets (apt), 14 techniques (mitre), 7 malware, 4 others

Description

Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, operating campaigns. TA2726 acts as a service for TA569 and TA2727, while TA2727 delivers various malware payloads including a new MacOS information stealer called . The landscape of campaigns is expanding, with multiple copycat actors using similar techniques, making it challenging to track distinct activities. These campaigns typically involve malicious injects, services, and ultimate payloads, sometimes managed by different actors. The attacks use fake browser update lures to deliver malware to Windows, Android, and now Mac systems.

External references