Microsoft Details Evolution of Sophisticated UpdateAgent Mac Malware
Microsoft has shared some important details about the evolution of a malware called “UpdateAgent” that started targeting Mac devices in 2020. Yesterday, Microsoft’s threat intelligence team warned users that the new variants of this trojan have become more sophisticated, and they are currently installing adware payloads on infected Mac machines.
The UpdateAgent malware was first discovered in September 2020, when threat actors used it to steal information such as product names, version numbers, and other minor details from Mac devices. However, Microsoft reports that UpdateAgent has become increasingly sophisticated over time. The trojan can now bypass several macOS controls to persist and run each time the Mac system boots. Consequently, UpdateAgent can easily exploit user permissions to perform malicious activities.
Microsoft also found that UpdateAgent downloads its additional payloads directly from Amazon Web Services' S3 and CloudFront services. Fortunately, Microsoft’s security researchers have collaborated with AWS to remove malicious links from its cloud services.
“Once adware is installed, it uses ad injection software and techniques to intercept a device’s online communications and redirect users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results,” the Microsoft 365 Defender threat intelligence team explained yesterday.
The UpdateAgent malware is distributed as legitimate software on malicious websites
Microsoft also highlighted that the UpdateAgent trojan usually poses as legitimate software distributed via advertisements or pop-ups on malicious websites. “More specifically, Adload leverages a Person-in-The-Middle (PiTM) attack by installing a web proxy to hijack search engine results and inject advertisements into webpages, thereby siphoning ad revenue from official website holders to the adware operators,” Microsoft noted.
You can see the evolution of the UpdateAgent trojan from September 2020 to October 2021 in the image below:
Microsoft has outlined a few suggestions to help users protect their Mac machines from this malware. The company recommends that consumers install the latest security patches, install applications only from trusted sources, and switch to its new Edge browser on macOS to block malicious websites. Enterprise customers are also advised to use Microsoft Defender for Endpoint to protect the Mac devices in their organization.