

Earlier this month, Microsoft published research about the evolution of UpdateAgent Mac malware. Media outlets picked up the story, with many of them describing the changes to UpdateAgent in rather dramatic terms: “sophisticated”, “menacing”, and “more dangerous”. In this article, we’ll tell you about the malware and the risk that it poses, and we’ll show you how to detect UpdateAgent on a Mac.

UpdateAgent is a macOS Trojan that was discovered in late 2020. It’s also known as WizardUpdate or as Silver Toucan (our own MacScan 3 detects it as WizardUpdate). As Microsoft’s blog post explains, UpdateAgent “is likely distributed via drive-by downloads or advertisement pop-ups, which impersonate legitimate software”.

UpdateAgent’s capabilities have changed over time. Initially, the malware just collected information about an infected Mac and sent it back to a command and control (C&C) server. As Microsoft puts it, at this stage UpdateAgent was nothing more than “a fairly basic information-stealer”. However, UpdateAgent soon acquired the ability to fetch and install secondary payloads on a compromised machine. In other words, if UpdateAgent is already running on a Mac, bad actors can use it to infect that Mac with other types of malware as well. Interestingly, UpdateAgent doesn’t retrieve these payloads from the attackers’ own infrastructure. It gets them from legitimate (though misused) public cloud repositories: Amazon S3 or Amazon CloudFront.
