Since its emergence in September 2020, the Mac trojan UpdateAgent has evolved from a basic information stealer to become a second-stage payload distributor observed in various attacks last year, now also capable of hosting its payloads in the public cloud, The Hacker News reports, citing researchers from the Microsoft 365 Defender Threat Intelligence Team.
UpdateAgent has been found to install persistent Adload adware and is being spread through pop-up advertisements spoofing video apps, support agents, and other legitimate software.
Researchers also discovered numerous improvements to the UpdateAgent malware, including the ability to exploit CloudFront and Amazon S3 for hosting second-stage payloads in .dmg or .zip file formats, including the Adload malware.
The enhanced UpdateAgent is now also capable of exploiting current user permissions to not only permit malicious activities but also evade Gatekeeper controls in macOS.
"UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns," the researchers said.
Report shows latest evolution of UpdateAgent malware