Mac Malware UpdateAgent Is Becoming More Advanced and More Dangerous

Mac malware known as UpdateAgent, which first surfaced in late 2020, is growing increasingly dangerous as its developers add new features. What began as an information stealer has evolved into a tool for delivering adware and other potential threats.

One of the malware’s newest and most concerning features is its ability to bypass Apple’s built-in Gatekeeper, the mechanism that ensures only genuine, signed apps run on Macs.

Microsoft said that the malware has become increasingly sophisticated over time. UpdateAgent not only sends data to its server but also reports back continuously so the attackers know whether the malware is still running. It also installs an adware strain called Adload.

Microsoft researchers said, “Once adware is installed, it uses ad injection software and techniques to intercept a device’s online communications and redirect users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results. More specifically, Adload leverages a Person-in-The-Middle (PiTM) attack by installing a web proxy to hijack search engine results and inject advertisements into webpages, thereby siphoning ad revenue from official website holders to the adware operators.

Adload is also an unusually persistent strain of adware. It is capable of opening a backdoor to download and install other adware and payloads in addition to harvesting system information that is sent to the attackers’ C2 servers. Considering both UpdateAgent and Adload have the ability to install additional payloads, attackers can leverage either or both of these vectors to potentially deliver more dangerous threats to target systems in future campaigns.”
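A defender-side check that follows from the web-proxy behaviour described above, added here as an example and not code from the original article or from Microsoft: it walks every macOS network service with the standard networksetup tool and reports any enabled HTTP/HTTPS proxy or PAC URL, the kind of setting an adware strain such as Adload would need to redirect browser traffic. The parsing helpers take the listing text as an argument so they can be exercised on a constructed sample.

```shell
#!/bin/sh
# Added example: audit macOS network services for web proxies or PAC URLs
# that adware could have installed to intercept browser traffic.
# The helpers below parse the text that `networksetup -getwebproxy`,
# `-getsecurewebproxy` and `-getautoproxyurl` print, e.g.
#   Enabled: Yes
#   Server: 127.0.0.1
#   Port: 8080
# (that listing is a constructed sample, not a real finding).

# Return 0 (true) when a proxy or PAC listing reports "Enabled: Yes".
proxy_enabled() {
    printf '%s\n' "$1" | grep -q '^Enabled: Yes'
}

# Print "host:port" for an enabled proxy listing; fail silently otherwise.
proxy_endpoint() {
    listing="$1"
    proxy_enabled "$listing" || return 1
    host=$(printf '%s\n' "$listing" | sed -n 's/^Server: //p')
    port=$(printf '%s\n' "$listing" | sed -n 's/^Port: //p')
    printf '%s:%s\n' "$host" "$port"
}

# Print the PAC URL from an enabled -getautoproxyurl listing; fail otherwise.
pac_url() {
    proxy_enabled "$1" || return 1
    printf '%s\n' "$1" | sed -n 's/^URL: //p'
}

# Walk every network service and report anything that is switched on.
# Only works on macOS, where networksetup exists; returns 2 elsewhere.
audit_proxies() {
    command -v networksetup >/dev/null 2>&1 || return 2
    # The first line of -listallnetworkservices is an explanatory banner.
    networksetup -listallnetworkservices | sed '1d' | while IFS= read -r svc; do
        for kind in webproxy securewebproxy; do
            listing=$(networksetup -get"$kind" "$svc" 2>/dev/null)
            ep=$(proxy_endpoint "$listing") && echo "$svc: $kind -> $ep"
        done
        pac=$(pac_url "$(networksetup -getautoproxyurl "$svc" 2>/dev/null)") \
            && echo "$svc: PAC URL -> $pac"
    done
}
```

Run `audit_proxies` on a Mac; any line it prints is a proxy the user did not knowingly configure, or one worth confirming with them.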

While the malware does require a victim to install an app that poses as legitimate software, its ability to bypass Gatekeeper controls is dangerous. Since its discovery in 2020 the malware has steadily gained capabilities, which shows its developers are continuously adding features and making it more threatening.

To avoid infection by this and similar malware, Mac users should be wary of social engineering lures such as unsolicited browser popups warning of infections or unpatched software.

If you run a Mac device, you know you need a good antivirus and layered security, especially if you are in a business environment. Contact us today to discuss.