Proofpoint reveals new FrigidStealer malware targeting MacOS devices

Proofpoint has discovered a new malware called FrigidStealer, which targets macOS devices. This marks a shift from the previous belief that Apple devices were largely immune to malware threats. The malware is part of campaigns linked to the threat actor TA569. TA569, associated with the cybercrime group EvilCorp, has been active since 2022 and primarily uses fake updates to deliver malware. New threat actors, TA2726 and TA2727, have emerged, collaborating in web inject campaigns and distributing malware, including FrigidStealer for Mac. In 2025, Proofpoint observed TA2726 redirecting traffic to TA569 in North America and to TA2727 elsewhere. The FrigidStealer campaign was detected in January 2025, targeting Mac users outside North America through fake update pages.