Same fake browser update campaign, but this time with a new version of a stealer for macOS. Proofpoint researchers identified a new wave at the end of January 2025, using the same TTPs to deliver the same malicious payloads.

🔍 In this campaign, TA2727 specifically targeted macOS users outside North America. When visiting a compromised site, they were redirected to a fake Safari update page. Clicking "Update" downloaded and installed a stealer, which Proofpoint named FrigidStealer.
⬇️
"...a Mac user outside of North America visited the compromised website from a web browser, they were redirected to a fake update page that, if the Update button was clicked, downloaded and installed an information stealer. Proofpoint researchers named this malware FrigidStealer."
👇
https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware

#CyberVeille #macos #stealer #fakeupdate

An Update on Fake Updates: Two New Actors, and New Mac Malware | Proofpoint US

Key findings: Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727. Proofpoint identified a new

Proofpoint

Here’s everything you need to know about the new info-stealing FakeUpdate malware campaign targeting Macs and how to avoid falling victim to a fake browser update attack along with other online safety tips and tricks.

#apple #macos #fakeupdate #malware
https://www.tomsguide.com/computing/online-security/macs-under-threat-from-new-info-stealing-malware-spread-through-fake-browser-updates-how-to-stay-safe

Macs under threat from new info-stealing malware spread through fake browser updates — how to stay safe

Windows PCs and Android phones are also being targeted

Tom's Guide

New WarmCookie malware spreads via fake browser updates in France

A new cyberattack campaign, known as 'FakeUpdate', targets users in France by means of fake browser and application updates. Deze upda

Tech Nieuws

There really are some very interesting sites on the Internet.

You're in the office and need an extra break? No problem, a fake update will help you out 😂

#prank #fakeupdate #windows #macos #ubuntu

https://www.whitescreen.online/

White Screen | Online Tool

Online tool to show white fullscreen page. Use as a light source for zoom calls or to test monitor, to copy drawings, to make a flipbook, to focus yourself.

Some more intel on the Eugenloader #FakeUpdate that @jeromesegura posted about a few weeks ago. Still seeing them using the same landing page for the FBU display; they've rotated through a few delivery domains now, though.

FBU Display page:
doggygangers[.]com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/land/universal_land/

Delivery Domains:
w6trw[.]com/wp-content/uploads/UpdateSetup-x86.msix
pipeline[.]pt/shop/upload/stowlcarousel/UpdateSetup-x86.msix
andaclesrealty[.]com/wp-content/uploads/2020/UpdateSetup-x86.msix
3sbrokers[.]com/wp-content/uploads/2024/04/UpdateSetup-x86.msix

Eugenloader C2:
utm-msh[.]com/profile

Most recent sample I pulled down:
9e800a05e65efe923a35815157129652980f03cbcf95cf0d64676f6da73471de

ClearFake, a threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the group behind the SocGholish campaigns.

https://www.helpnetsecurity.com/2023/10/17/clearfake-malware-fake-browser-updates/

@rmceoin @monitorsg
#FakeUpdate #Malware #ClearFake #SocGholish #Cybersecurity

Researchers warn of increased malware delivery via fake browser updates - Help Net Security

ClearFake is likely operated by the threat group behind the SocGholish "malware delivery via fake browser updates" campaigns.

Help Net Security

When you annoy your colleagues with #fakeupdate on #windows