UpdateAgent, a new type of malware that infects Mac users, was discovered in late 2020.
Initially, the strain was not very alarming. Although it stole system information, it wasn't the most serious threat to Mac users.
The hackers responsible for the malicious code have been busy since then. UpdateAgent has seen a few new developments, each one adding another layer of danger. UpdateAgent is now a serious cyber threat for Mac users.
UpdateAgent now installs Adload, an annoyingly persistent adware virus. It also has the ability to install even more dangerous and harmful payloads.
Microsoft has been following and investigating the development of UpdateAgent. Microsoft discovered that hackers responsible for the strain were hosting other payloads on Amazon Web Services CloudFront and S3 services. These payloads have not been linked to UpdateAgent yet, but it is a clear indication of what's to come.
The code can now fetch compressed zip files rather than .dmg files. This code has been modified so that Gatekeeper does not display pop-up warnings. It can inject persistent code into background processes that are not visible to the user.
Microsoft shared this statement about their research into the malware strain:
"UpdateAgent's gradual upgrade of persistence techniques is a unique feature. This key feature indicates that this trojan will continue to use advanced techniques in future campaigns.
The malware, which is similar to other information-stealers, tries to infiltrate macOS computers to steal data. It's also associated with malicious payloads, increasing the likelihood of multiple infections."
UpdateAgent should be on your radar if it wasn't already. This is one to keep an eye out for throughout the year.
Apple Issues a Fix for Multiple Zero-Day Exploits
Apple users have good news.
Two Zero-Day vulnerabilities were addressed by the company's security updates. The company has been very busy. These security flaws could be exploited to cause serious problems for anyone running iOS or macOS.
One of the Zero-Days is tracked as CVE-2022-22587. This is a serious memory corruption bug that affects macOS Monterey and iPadOS.
The company also focused its attention on a Zero-Day bug in Safari's WebKit. This affected users of iOS and iPadOS. It allowed websites to monitor your browsing habits and identify users in real time.
Both exploits are possible if you have an OS version older than 15.3. Apple has discovered evidence that these exploits are being actively used in the wild. You should update to 15.3 immediately to protect yourself.
These are the Zero-Day bugs Apple has solved in 2022, which is why they are significant. This is also proof that Apple isn't resting on its laurels. They are actively fighting back against hackers and addressing security issues quickly.
Although it's great to see, last year Apple seemed to be obsessed with Zero-Day flaws. We hope that there will be fewer of them this year. Even if this is not the case, Apple continues to show how seriously they take the security of their users.
Whatever happens, one thing is certain: 2022 will be an interesting year.
Apple deserves praise for its quick response. If you are an Apple user, make sure to check your OS version.
Does tracking new cyber threats seem like a daunting task? Let Integrated Technology Systems help you. We can manage your network, assist with cloud migration and ensure your data is safe.