UpdateAgent Malware Has Been Modified to Include Adware in Macintoshes



Short News:- 

UpdateAgent is the name given to the new malware family by Microsoft. Researchers tracked its evolution as part of multiple attack waves in 2021. UpdateAgent was used in this latest campaign to deliver the evasive and persistent adware Adload. The malware could theoretically be used to fetch other, potentially more dangerous payloads.




Detailed News:- 

When the Mac trojan first appeared in September 2020, it was unknown to Microsoft, but on Wednesday, the company revealed that the trojan had undergone several revisions since then, giving it "increasing progression of sophisticated capabilities."


UpdateAgent is the name given to the new malware family by the Microsoft 365 Defender Threat Intelligence Team, who tracked its evolution as part of multiple attack waves in 2021, from an information stealer to a second-stage payload distributor.


Although UpdateAgent was used in this latest campaign to deliver the evasive and persistent adware Adload, the researchers say that the malware's ability to gain access to a device could theoretically be used to fetch other, potentially more dangerous payloads in the future.


Despite the authors' efforts to make UpdateAgent a more persistent threat, the malware is said to be spread via drive-by downloads or advertisement pop-ups that pretend to be legitimate software like video applications or support agents.




Among the most significant advancements in the malware's development is its ability to bypass Apple's Gatekeeper, a feature that ensures only applications from known developers can be installed on a Macintosh computer.


Using Amazon S3 and CloudFront services, UpdateAgent hosts its second-stage payloads, including adware, in the form of .DMG or .ZIP files that can be downloaded from the Internet.


Ad injection software and man-in-the-middle (MitM) techniques are used to intercept and reroute users' internet traffic through the attacker's servers to insert rogue ads into web pages and search engine results in order to increase the likelihood of multiple infections.


UpdateAgent is "uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates that this trojan will likely continue to use more sophisticated techniques in future campaigns," the researchers warned.
