The new variant of UpdateAgent malware infects Mac computers with adware. Earlier on Wednesday Microsoft revealed these details after the malware made its first appearance in September 2020, effectively granting it an “increasing progression of sophisticated capabilities.”
According to Microsoft 365 Defender Threat Intelligence Team, the new variant of Update Agent malware has evolved from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021.
The researchers from Microsoft said, “The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent’s ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads.”
The latest malware is in its development mode and is being propagated via drive-by downloads or advertisement pop-ups that masquerade as legitimate software like video applications and support agents. The bad actors are making improvements to it that have transformed UpdateAgent into a progressively persistent piece of malware.The latest capabilities of the malware include the ability to abuse existing user permissions to surreptitiously perform malicious activities and circumvent macOS Gatekeeper controls, security that ensures only trusted applications from identified developers can be installed on a system.
The latest variant of UpdateAgent is also taking advantage of public cloud infrastructures, such as Amazon S3 and CloudFront services to host its second-stage payloads, this includes adware, in the form of .DMG or .ZIP files.
The Adload malware, once installed uses the ad injection software and man-in-the-middle (MitM) techniques to intercept and reroute users’ internet traffic through the attacker’s servers. This enables it to insert rogue ads into web pages and search engine results to increase the chances of multiple infections on the devices.
The researchers have cautioned, “UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns.”
KP Snacks Giant Hit by Conti Ransomware Group
British Council Exposed More Than 100,000 Files with Student Records
Oiltanking GmbH and Mabanaft Gmbh – German Petrol Supply Firms Paralyzed By Cyber Attack