Symbol: osx.frigid_stealer

FrigidStealer


According to Proofpoint, FrigidStealer uses Apple script files and osascript to prompt the user to enter their password, and then to gather data including browser cookies, files with extensions relevant to password material or cryptocurrency from the victim’s Desktop and Documents folders, and any Apple Notes the user has created.

References
2025-02-18, Proofpoint, Proofpoint Threat Research Team
An Update on Fake Updates: Two New Actors, and New Mac Malware
Marcher FAKEUPDATES FrigidStealer Lumma Stealer

There is no Yara-Signature yet.