Microsoft Details Evolution of Sophisticated UpdateAgent Mac Malware
Microsoft has shared some important details about the evolution of a malware called “UpdateAgent” that started targeting Mac devices in 2020. Yesterday, Microsoft’s threat intelligence team warned users that the new variants of this trojan have become more sophisticated, and they are currently installing adware payloads on infected Mac machines.
The UpdateAgent malware was first discovered back in September 2020; threat actors used it to steal information like product names, version numbers, and other minor details on Mac devices. However, Microsoft reports that UpdateAgent has become increasingly sophisticated over time. The trojan can now bypass several macOS controls to persist and run each time the Mac system boots. Consequently, UpdateAgent can easily exploit user permissions to perform malicious activities.
Microsoft also found that UpdateAgent downloads its additional payloads directly from Amazon Web Services’ S3 and CloudFront services. Fortunately, Microsoft’s security researchers have collaborated with AWS to remove malicious links from its cloud services.
“Once adware is installed, it uses ad injection software and techniques to intercept a device’s online communications and redirect users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results,” the Microsoft 365 Defender threat intelligence team explained yesterday.
The UpdateAgent malware is distributed as legitimate software on malicious websites
Microsoft also highlighted that the UpdateAgent trojan usually poses as legitimate software distributed via advertisements or pop-ups on malicious websites. “More specifically, Adload leverages a Person-in-The-Middle (PiTM) attack by installing a web proxy to hijack search engine results and inject advertisements into webpages, thereby siphoning ad revenue from official website holders to the adware operators,” Microsoft noted.
You can see the evolution of the UpdateAgent trojan from September 2020 to October 2021 in the image below:
Microsoft has outlined a few suggestions to help users protect their Mac machines from this malware. The company recommends that consumers install the latest security patches, install applications from trusted sources, and switch to its new Edge browser on macOS to block malicious websites. Meanwhile, enterprise customers are also advised to use Microsoft Defender for Endpoint to protect Mac devices in their organization.