Microsoft: This Mac malware is getting smarter and more dangerous

Microsoft has detailed the evolution of a relatively new piece of Mac malware called UpdateAgent that started out stealing system information in late 2020 but has morphed into a tool for delivering adware and potentially other threats. 

One of UpdateAgent’s newest and most potent features is the ability to bypass Apple’s built-in Gatekeeper system that is meant to allow only trusted, signed apps to run on Macs. 

Microsoft flagged the malware now because it appears to be under continuous development. Today it installs an “unusually persistent” adware threat called Adload, but Microsoft cautions that it could be used to distribute other, more dangerous payloads in the future. Microsoft also found that its makers host additional payloads on Amazon Web Services’ S3 and CloudFront services.

While it does require the victim to install an app masquerading as legitimate software, such as a video app or support agent promoted in ad pop-ups, the ability to bypass Gatekeeper controls is significant. It can also use existing user permissions to delete evidence of its presence on a system. 

Since its discovery between September and December 2020, when it was only an information stealer, the