Microsoft exposed UpdateAgent trojan Mac scheme

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Years ago nobody thought this possible, but Microsoft and Apple are now working together.
  • The two tech giants are trying to eliminate a serious threat that only targets Mac PC users.
  • Discovered back in 2929, the trojan dubbed UpdateAgent has evolved and is more dangerous.
  • Microsoft also teamed up with Amazon, in order to take down some known problematic URLs.
trojan microsoft

Every time we talk about botnets, malware, and all the recent ransomware attacks, we urge our readers to always take the necessary precautions, in order to avoid being in such situations.

But, sometimes, it seems that all the steps one could take to secure his sensitive information, malicious third parties are always one step ahead.

Now, companies are more willing to share information with partners, experts, and the larger community to collaboratively tackle threats.

The Redmond tech giant pull the cover off hackers

The perfect example of such a collaboration is Microsoft working with rival Apple to patch the Shrootless vulnerability in macOS devices.

To make sure they both discourage attacks and educate people on what measures to take, the tech giant has now published detailed information about a sophisticated trojan that is targeting Mac devices.

Redmond security experts say that the trojan is dubbed UpdateAgent and was discovered back in September 2020 as more of a basic information stealer.

Since then, it has evolved quite a lot and its recent iterations have actually been known to distribute secondary payload, such as the Adload adware.

Microsoft warns that UpdateAgent’s constantly evolving persistent infiltration methods means that it could evolve even further in future campaigns and distribute more dangerous payload.

The above-mentioned UpdateAgent usually looks like legit software that users download on their Apple-powered PCs.

Then, it’s only a matter of time until it bypasses several macOS controls and infects the targetted device. The perfect example of this is bypassing Gatekeeper, which was made to ensure that only trusted apps can run on your hardware.

After this step is complete, the trojan turns to existing user permissions in order to perform shady activity, following which it covers its tracks.

Microsoft also underlined the fact that UpdateAgent downloads its malicious payload from S3 buckets and Cloudfront on AWS.

This prompted the company to immediately work together with Amazon to take down some known problematic URLs.

Have you ever had this problem on your Mac device? Share your experience with us in the comments section below.

This article covers:Topics: