How to remove FrigidStealer malware from Mac
Written by Tomas Meskauskas on
What kind of malware is FrigidStealer?
FrigidStealer is malware targeting macOS. It is classed as a stealer, and as the classification implies, it is designed to steal sensitive information. FrigidStealer has been observed being spread via web inject campaigns that redirect users to dedicated websites using update-themed lures.
FrigidStealer malware overview
FrigidStealer has been proliferated through targeted campaigns under the guise of browser updates (Safari, Google Chrome, and possibly others). The downloaded DMG file mounts with a window that instructs the user how to install the supposed update. The icon and name of the bundled app (Safari or Chrome) match the browser used in the initial lure. Note that Safari is updated only through macOS Software Update and is never distributed as a downloadable DMG, so any "Safari update" installer is fraudulent by definition; Chrome does ship as a DMG, but only from Google's own domain.
The instructions tell the user to "Right Click" the app and "Click Open" from the context menu. This is the documented user override for Gatekeeper, the macOS feature that by default refuses to launch downloaded apps that are not signed and notarized: the override shows a dialog with an Open button instead of the usual warning that offers only to cancel or move the app to the Trash. The attackers do not defeat Gatekeeper technically; they talk the victim into waiving it. (On macOS Sequoia this Control-click shortcut was removed, and a user has to go to System Settings > Privacy & Security > "Open Anyway" instead, so lures of this kind have to adapt their instructions accordingly.)
After the victim goes through these steps, the setup runs the embedded Mach-O executable, and the chain culminates in FrigidStealer's installation. Following successful infiltration, the malware displays a password prompt styled like a standard macOS dialog, asks the victim to enter their account password, and records whatever is typed. No legitimate browser installer needs the user's login password merely to launch; a prompt like this at that point is itself an indicator of compromise.
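The practical check a user (or help-desk analyst) can run before ever using the right-click > Open override is to ask macOS itself whether the bundle is signed, notarized, and by whom. The script below is an added example written for this article, not code from the page, from Apple, or from the malware; it assumes the standard macOS tools `spctl`, `codesign` and `xattr`. The two parsing helpers (`quarantine_agent`, `classify_spctl`) are plain text processing and run on any POSIX shell; `check_app` is the part that needs a Mac.

```sh
#!/bin/sh
# Added example: triage a downloaded "browser update" app bundle before
# using right-click > Open. Assumes macOS's spctl, codesign and xattr.

# quarantine_agent QUARANTINE_VALUE
# com.apple.quarantine is "flags;hex-timestamp;agent;uuid"; the third field
# names the application that downloaded the file (e.g. Safari, Chrome).
quarantine_agent() {
  printf '%s\n' "$1" | cut -d ';' -f 3
}

# classify_spctl SPCTL_OUTPUT
# Reduce the output of `spctl --assess -vv` to accepted / rejected / unknown.
classify_spctl() {
  case "$1" in
    *': accepted'*) printf 'accepted\n' ;;
    *': rejected'*) printf 'rejected\n' ;;
    *)              printf 'unknown\n' ;;
  esac
}

# check_app /path/to/Something.app
# Print who downloaded the bundle, the Gatekeeper verdict and its reason, and
# the signing identity. Anything other than "accepted" from a notarized
# Developer ID that names the vendor you expect is a stop sign.
check_app() {
  app=$1
  if q=$(xattr -p com.apple.quarantine "$app" 2>/dev/null); then
    printf 'quarantine: downloaded by %s\n' "$(quarantine_agent "$q")"
  else
    printf 'quarantine: attribute absent (already overridden or stripped)\n'
  fi
  verdict=$(spctl --assess --type execute -vv "$app" 2>&1)
  printf 'gatekeeper: %s\n' "$(classify_spctl "$verdict")"
  printf '%s\n' "$verdict" | grep -E '^(source|origin)=' | sed 's/^/  /'
  # Authority lines show the signing chain; a missing or ad-hoc signature
  # means nobody is accountable for the binary.
  codesign -dvv "$app" 2>&1 \
    | grep -E '^(Identifier|TeamIdentifier|Authority)=' | sed 's/^/  /'
  case "$(classify_spctl "$verdict")" in
    accepted) printf 'verdict: Gatekeeper accepts it; still confirm the vendor name above\n' ;;
    *)        printf 'verdict: do NOT use right-click > Open on this bundle\n' ;;
  esac
}

# Usage on a Mac with the fake-update image still mounted:
#   check_app "/Volumes/Chrome/Google Chrome.app"
```

A real Chrome build reports `source=Notarized Developer ID` and an `Authority=Developer ID Application: Google LLC (...)` line; a lure bundle typically yields `rejected` with `source=no usable signature`, or a Developer ID under an unrelated name that Apple has not yet revoked. The quarantine agent is also useful in incident response, because it records which browser fetched the file and therefore which web inject redirect the victim hit.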
This stealer searches the Desktop and Documents folders for files whose names contain certain keywords, such as those associated with log-in credentials and cryptocurrency, and then exfiltrates the files of interest. The program also aims to extract browser cookies (which let the attackers reuse logged-in sessions without knowing the password) and the entries in Notes, the native note-taking app, where users often keep passwords and recovery phrases.
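When scoping an infection, the question that matters is which files in those folders a keyword sweep would have picked up, because those are the credentials and wallets that have to be rotated. The script below is an added example written for this article, not the malware's code or the page's; the keyword list is an assumption modelled on the article's description (credential- and cryptocurrency-related names), not FrigidStealer's actual list, and the cookie and Notes paths are the standard locations on current macOS, assumed rather than taken from the page.

```sh
#!/bin/sh
# Added example: list what a filename-keyword sweep of Desktop and Documents
# would have collected. Keyword list is an assumption, not the real one.
STEALER_KEYWORDS="password passwd login credential secret wallet seed mnemonic bitcoin crypto metamask"

# stealer_targets DIR
# Print every regular file under DIR whose *name* (not its directory path)
# contains one of the keywords, case-insensitively.
stealer_targets() {
  # deliberate word split of the keyword list into one alternation
  pattern=$(printf '%s\n' $STEALER_KEYWORDS | paste -s -d '|' -)
  find "$1" -type f 2>/dev/null | grep -iE "/[^/]*($pattern)[^/]*\$" | sort
}

# stolen_store_candidates
# Other stores the article says are targeted, at assumed standard locations.
# Reading them needs Full Disk Access; their mere presence on an infected
# machine means their contents must be treated as exposed.
stolen_store_candidates() {
  for p in \
    "$HOME/Library/Application Support/Google/Chrome/Default/Cookies" \
    "$HOME/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite"
  do
    [ -f "$p" ] && printf 'present: %s\n' "$p"
  done
  return 0
}

# audit_home: run the sweep over the folders the article names
audit_home() {
  for d in "$HOME/Desktop" "$HOME/Documents"; do
    [ -d "$d" ] && stealer_targets "$d"
  done
  stolen_store_candidates
}

# Usage: audit_home
```

The match is anchored to the last path component so that a folder called, say, `wallet-backups` does not flag every photo inside it; a real stealer may well grab whole directories, so treat this as the minimum set to rotate, not the maximum.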
It must be mentioned that malware developers often improve upon their software and methodologies. Therefore, potential future versions of FrigidStealer could have additional/different capabilities and features.
To summarize, the presence of software like FrigidStealer on devices can lead to serious privacy issues, financial losses, and even identity theft.
| Field | Details |
| --- | --- |
| Name | How to remove FrigidStealer virus |
| Threat Type | Mac malware, Mac virus, stealer, password-stealing virus. |
| Detection Names (fake Safari installer) | Combo Cleaner (Trojan.GenericKD.75636707), Emsisoft (Trojan.GenericKD.75636707 (B)), Ikarus (OSX.Agent), Kaspersky (UDS:Trojan-PSW.OSX.Amos.ag), Full List Of Detections (VirusTotal) |
| Detection Names (fake Chrome installer) | Combo Cleaner (Trojan.GenericKD.75636461), Emsisoft (Trojan.GenericKD.75636461 (B)), Ikarus (OSX.Agent), Kaspersky (UDS:Trojan-PSW.OSX.Amos.ag), Full List Of Detections (VirusTotal) |
| Symptoms | Malware is designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution Methods | Fake updates, deceptive pop-up ads, free software installers (bundling). |
| Damage | Stolen passwords and banking information, identity theft, severe privacy issues, possible monetary losses. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Stealer-type malware examples
We have investigated countless malware samples; Cthulhu, fake Unarchiver, and Banshee are just a few of our articles on Mac-specific stealers. Data-stealing programs can seek a broad or an extremely narrow range of information, and stealers are often used in tandem with other malware.
It must be emphasized that regardless of how a malicious program operates, its presence on a system threatens device and user safety. Hence, all threats must be eliminated immediately upon detection.
How did FrigidStealer install on my computer?
As mentioned in the introduction, FrigidStealer has been proliferated via web inject campaigns. In this distribution method, legitimate websites are compromised and injected with malicious code (typically JavaScript). When a visitor loads such a page, the injected script hands the visit to a traffic distribution system (TDS), which decides where to redirect the visitor based on criteria such as operating system and browser (taken from the User-Agent and client-side fingerprinting) and geolocation, and serves the matching fake-update page, or nothing at all to visitors it wants to avoid, such as security researchers and crawlers.
These campaigns can be massive and complex, involving multiple threat actors and various payloads. The cyber criminals behind this activity are not necessarily associated with one another, and they may be responsible only for certain components of these campaigns. Hence, it is not unlikely that this Web inject infrastructure is sold as a service.
Known FrigidStealer-spreading campaigns were noted redirecting users to fake update sites for either Safari or Google Chrome browsers. If the visitors were detected as not using a Mac device, the same infrastructure was utilized to deliver DeerStealer and Lumma stealer for Windows and Marcher malware for Android.
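From the website owner's side, the first sign of a web inject is usually a `<script src=...>` pointing at a host the site never referenced. The script below is an added example written for this article, not code from the page or from any campaign: it pulls the hosts of all external scripts out of a saved HTML page and reports those missing from a trusted list. The page content in the test is constructed, and the host names in it are placeholders.

```sh
#!/bin/sh
# Added example: find external <script src> hosts in a saved HTML page and
# flag those not on a trusted list. Pure POSIX text tools, no network.

# script_hosts FILE
# Print, lowercased and de-duplicated, the host of every external script
# (absolute or protocol-relative URL). Relative paths such as /js/app.js are
# served by the site itself and are therefore skipped.
script_hosts() {
  grep -oiE "<script[^>]+src=[\"']?[^\"' >]+" "$1" \
    | sed -E "s/.*src=[\"']?//" \
    | grep -oE '^(https?:)?//[^/]+' \
    | sed -E 's#^(https?:)?//##' \
    | tr '[:upper:]' '[:lower:]' \
    | sort -u
}

# foreign_script_hosts FILE TRUSTED_HOST...
# Print the script hosts from FILE that are not in the trusted list.
foreign_script_hosts() {
  f=$1
  shift
  trusted=$(printf '%s\n' "$@")
  script_hosts "$f" | while read -r h; do
    printf '%s\n' "$trusted" | grep -qxF "$h" || printf '%s\n' "$h"
  done
}

# Usage against a page fetched with the site's own template as the baseline:
#   curl -s https://www.example.com/ > /tmp/page.html
#   foreign_script_hosts /tmp/page.html cdn.example.com www.example.com
```

This catches the external-loader form of an inject. Injects that are inlined and obfuscated, or that are only served when the TDS decides the visitor is worth it, will not show up in a page fetched from a researcher's machine; comparing the deployed files against the site's source repository, and fetching the page with a realistic consumer User-Agent from a residential address, are the complementary checks.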
Keep in mind that this method can be used to proliferate all kinds of malicious programs. It is likewise worth mentioning that FrigidStealer could be promoted by relying on other techniques.
Phishing and social engineering are standard in malware distribution. Widespread methods include: drive-by (stealthy/deceptive) downloads, malvertising, malicious attachments or links in spam (e.g., emails, DMs/PMs, social media posts, etc.), online scams, dubious download channels (e.g., freeware and third-party websites, P2P sharing networks, etc.), illegal software activation ("cracking") tools, and fake updates.
Furthermore, some malicious programs can self-proliferate via local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).
How to avoid installation of malware?
We highly recommend researching software and downloading it only from official/verified sources. All programs must be activated and updated using functions/tools provided by legitimate developers, as those acquired from third-parties may contain malware.
Additionally, we advise caution when browsing since the Internet is rife with deceptive and malicious content. Incoming emails and other messages must be approached with care. Attachments or links present in suspect/irrelevant mail must not be opened, as they can be infectious.
It is paramount for device integrity and user safety to have a reputable anti-virus installed and kept updated. Security software must be used to perform regular system scans and to remove detected threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
FrigidStealer installation setup (Safari disguise):
FrigidStealer installation setup (Google Chrome disguise):
Fake browser update websites spreading FrigidStealer malware (image source – Proofpoint blog):
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon and select "Applications" in the Finder sidebar. Look for applications you did not knowingly install (the generic examples are "MPlayerX" and "NicePlayer"; for this campaign, look for an unexpected "Safari" or "Google Chrome" installer app copied from the fake-update disk image, named after whichever browser the lure imitated) and drag them to the Trash. Eject any disk image from the fake update that is still mounted under /Volumes. After removing the unwanted application(s), scan your Mac for any remaining unwanted components.
Frequently Asked Questions (FAQ)
My computer is infected with FrigidStealer malware, should I format my storage device to get rid of it?
No, malware removal rarely necessitates such drastic measures. Bear in mind, however, that a stealer exfiltrates its loot at infection time, so removing it does not undo the theft: change the account password you typed into the fake prompt and every credential stored on the machine, sign out of all sessions whose browser cookies were on disk so the stolen cookies stop working, and move funds out of any cryptocurrency wallet whose keys or seed phrase were kept in the Desktop, Documents or Notes data.
What are the biggest issues that FrigidStealer malware can cause?
The threats posed by an infection depend on the malicious program's abilities and the cyber criminals' goals. FrigidStealer is a stealer that targets information associated with passwords, cryptocurrency wallets, and other vulnerable content. Hence, this malware's presence can lead to severe privacy issues, financial losses, and identity theft.
What is the purpose of FrigidStealer malware?
Malware is primarily used for financial gain. However, the attackers could be seeking to amuse themselves, carry out personal grudges, disrupt processes (e.g., websites, services, companies, etc.), engage in hacktivism, and launch politically/geopolitically motivated attacks.
How did FrigidStealer malware infiltrate my computer?
FrigidStealer has been proliferated via Web inject campaigns under the guise of Safari/Chrome browser updates. Other disguises and distribution methods are not unlikely.
Generally, malware is spread via drive-by downloads, online scams, spam emails/messages, malvertising, untrusted download sources (e.g., freeware and free file-hosting sites, P2P sharing networks, etc.), and illegal program activation tools ("cracks"). Malicious software can also be capable of self-spreading via local networks and removable storage devices.
Will Combo Cleaner protect me from malware?
Combo Cleaner can detect and eliminate almost all known malware infections. It must be stressed that performing a full system scan is crucial since sophisticated malicious software tends to hide deep within systems.