UpdateAgent malware variant impersonates legitimate macOS software

The new variant of UpdateAgent malware can also drop adware on macOS.

The IT security researchers at Microsoft Security Intelligence have discovered a new variant of UpdateAgent (aka WizardUpdate) malware targeting Mac devices. UpdateAgent was originally discovered in November 2020 targeting macOS.

New variant, new capabilities, new adware

In a series of tweets, Microsoft explained that the variant is equipped with new capabilities including increased persistence and evasion tactics. This indicates that the malware is not only difficult to detect but also hard to get rid of.

Another malicious capability of the malware includes the abuse of public cloud infrastructure to host additional payloads. For instance, upon infection, UpdateAgent installs new adware called Adload.

According to researchers, the malware still collects and sends system information to a C2 server, but one of the most notable additions to its capabilities is the ability to bypass Apple’s Gatekeeper security feature. It does so by removing the downloaded file’s quarantine attributes.
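Gatekeeper only inspects files that carry the com.apple.quarantine extended attribute, so a defender can audit a download location for executables that have lost it. The script below is an added example, not code from the article or from Microsoft; it assumes the common quarantine value layout of `flags;hex_timestamp;agent;uuid` and uses Python's `os.listxattr`, which is available on macOS and Linux.

```python
"""Audit a directory for files missing the com.apple.quarantine attribute,
the attribute UpdateAgent strips to sidestep Gatekeeper. Added defensive
example; the value layout parsed below is an assumption from observed files."""
import os
import sys
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"


def parse_quarantine(value: str) -> dict:
    """Parse a quarantine value of the form 'flags;hex_timestamp;agent;uuid'.
    The uuid field is optional (older downloads may omit it)."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {
        "flags": int(parts[0], 16),
        "downloaded_at": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],
        "uuid": parts[3] if len(parts) > 3 else None,
    }


def find_unquarantined(paths, xattrs_of):
    """Return the paths whose xattr list lacks the quarantine attribute.
    `xattrs_of` maps a path to its xattr names, so the logic can be
    exercised with constructed data as well as the real filesystem."""
    return [p for p in paths if QUARANTINE_XATTR not in xattrs_of(p)]


def list_xattrs(path: str) -> list:
    """Read xattr names via os.listxattr; treat unsupported platforms as empty."""
    try:
        return list(os.listxattr(path))
    except (OSError, AttributeError):
        return []


def audit_directory(root: str) -> list:
    """Walk `root` and report every regular file without the attribute."""
    files = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    return find_unquarantined(files, list_xattrs)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    for p in audit_directory(target):
        print("no quarantine attribute:", p)
```

A file flagged by this audit that was fetched by a browser is worth a closer look, since the browser would normally have set the attribute itself.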

The screenshot below shows the evolution of Trojan:MacOS/UpdateAgent.B (aka WizardUpdate):


Evolution of Trojan:MacOS/UpdateAgent.B (aka WizardUpdate)

For your information, Gatekeeper is the backbone of macOS’ security

Read More: https://www.hackread.com/updateagent-malware-variant-macos-software/