Microsoft investigates a Mac Trojan that distributes adware

The Microsoft security team has published an article describing a new piece of Mac malware that has evolved over the past year to give attackers an increasing range of sophisticated capabilities.

The malware family, dubbed UpdateAgent by the Microsoft 365 Defender threat intelligence team, first appeared in September 2020. Since then, it has evolved from a simple information collector into a piece of malware that can deliver other malware payloads.

UpdateAgent can infect users’ Macs via vectors such as drive-by downloads or pop-up ads. In most cases, it is presented as a legitimate piece of software, such as a video application or a support agent (something Windows users are very used to).

Some of the malware's functions allow it to bypass Apple's Gatekeeper security control or to use existing permissions to remove evidence of its presence on a Mac.

In August 2021, it was upgraded with a new ability to inject persistent code that can run as root in an invisible background process.

This malware uses public cloud infrastructure such as Amazon S3 or CloudFront to deliver second-stage payloads as .dmg or .zip files.
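The two capabilities described above, a hidden background job that survives reboots and a second stage pulled from cloud hosting, both leave a footprint in launchd's LaunchAgents and LaunchDaemons directories. The following Python script is an added example written for this article, not code from Microsoft or from the malware, and it audits launchd property lists for the traits a defender would look for: auto-starting jobs whose executable lives outside standard system locations, programs stored in hidden directories, and shell-or-interpreter launches that typically hand off to a staged payload. The sample plists, labels and paths in it are constructed for the example and are not real UpdateAgent indicators; the trusted-prefix list is an assumption you would tune for your fleet.

```python
import plistlib
from pathlib import Path
from typing import Dict, List
from xml.parsers.expat import ExpatError

# Directories launchd reads for per-user and system-wide jobs on macOS.
LAUNCHD_DIRS = [
    "~/Library/LaunchAgents",
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]

# Assumed prefixes under which Apple and well-behaved installers put executables.
TRUSTED_PREFIXES = ("/System/", "/bin/", "/sbin/", "/usr/", "/Library/Apple/", "/Applications/")

# Interpreters whose presence as ProgramArguments[0] means the job really runs a script.
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "curl"}


def program_of(job: dict) -> str:
    """Executable a launchd job runs: Program, else ProgramArguments[0], else ''."""
    if "Program" in job:
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def paths_in(job: dict) -> List[str]:
    """Every absolute or home-relative path the job references."""
    cands = [program_of(job)] + [str(a) for a in job.get("ProgramArguments") or []]
    return [c for c in cands if c.startswith("/") or c.startswith("~")]


def audit_job(job: dict) -> List[str]:
    """Return reasons this job looks like malware-style persistence; empty list means nothing notable."""
    reasons: List[str] = []
    prog = program_of(job)
    autostarts = bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))
    if autostarts and not prog.startswith(TRUSTED_PREFIXES):
        reasons.append(f"auto-start program outside trusted locations: {prog}")
    # Any path component beginning with '.' is a hidden directory or file.
    for p in paths_in(job):
        if any(part.startswith(".") and part not in (".", "..") for part in Path(p).parts[1:]):
            reasons.append(f"program stored in a hidden directory: {p}")
            break
    args = [str(a) for a in job.get("ProgramArguments") or []]
    if len(args) >= 2 and Path(args[0]).name in INTERPRETERS:
        reasons.append(f"interpreter launch: {' '.join(args)}")
    if not job.get("Label"):
        reasons.append("missing Label key")
    return reasons


def audit_plists(plists: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Parse each plist (keyed by filename) and return findings for the suspicious ones only."""
    findings: Dict[str, List[str]] = {}
    for name, raw in plists.items():
        try:
            job = plistlib.loads(raw)
        except (plistlib.InvalidFileException, ExpatError):
            findings[name] = ["unparseable plist"]
            continue
        reasons = audit_job(job)
        if reasons:
            findings[name] = reasons
    return findings


def load_launchd_plists() -> Dict[str, bytes]:
    """Read the real launchd directories on a Mac (used only when run as a script)."""
    out: Dict[str, bytes] = {}
    for d in LAUNCHD_DIRS:
        for f in Path(d).expanduser().glob("*.plist"):
            out[str(f)] = f.read_bytes()
    return out


# Constructed sample plists, not real UpdateAgent artifacts. The second one mimics the
# pattern in the article: a hidden, auto-starting background job launched via a shell.
SAMPLE_PLISTS: Dict[str, bytes] = {
    "com.example.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/usr/libexec/example-helper</string>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.constructed.hidden.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.constructed.hidden</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>/Users/alice/Library/.cache/agent</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
    "com.constructed.updater.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.constructed.updater</string>
  <key>Program</key><string>/Users/alice/Library/Application Support/Updater/bin/updater</string>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "broken.plist": b"not a property list",
}

if __name__ == "__main__":
    for name, reasons in audit_plists(SAMPLE_PLISTS).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run on a real machine by replacing `SAMPLE_PLISTS` with `load_launchd_plists()`; anything flagged is a lead to inspect, not a verdict, since legitimate third-party updaters also install auto-starting agents under the user's home directory.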

According to Microsoft:

UpdateAgent is characterized by its gradual updating of persistence techniques, a key feature that indicates that this Trojan will likely continue to use more sophisticated techniques in future versions.

Trust only authorized apps

UpdateAgent has one key weakness compared to other Mac threats: it requires the user to explicitly download a malicious file.

To avoid infection by this malware, only install apps from developers you trust, from Apple, or from the Mac App Store. Do not click on ads or download any app through a link.
