Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

This MacOS Trojan stealthily lifts your data, says Microsoft

You might think that your Mac is invulnerable to viruses and other security threats, but you might want to think again. As part of its commitment to intelligence sharing and collaboration, Microsoft recently exposed the evolution of a MacOS Trojan that can stealthily lift your personal data.

First spotted in September 2020, Microsoft says this piece of malware, known as UpdateAgent,  has increasingly progressed to “sophisticated capabilities.” Though it also indicated that the latest two versions are still more “refined,” Microsoft does warn that the malware is again being developed, and more updates could come soon.

MacBook on a chair with the TV app on the screen.
Image used with permission by copyright holder

It is so bad, that Microsoft believes this malware can be leveraged to fetch more dangerous payloads beyond just the adware that it is already injecting into victim machines.

Recommended Videos

But how does it work? Per Microsoft, the UpdateAgent malware can impersonate real software, and then take Mac functionalities under its own control. It is usually first installed to victim Macs by automated downloads without a user’s consent, or advertisement pop-ups, which impersonate video applications and support agents. UpdateAgent can even bypass Gatekeeper, which usually makes sure that only trusted apps can run on Macs. The Malware then takes over a machine and performs malicious acts like injecting adware.

Please enable Javascript to view this content

Microsoft worked with Amazon Web Services to pull the URLs used by UpdateAgent to inject adware, but the UpdateAgent campaign has steadily evolved. It went from basic information stealer in December 2020, to the ability to fetch and deliver .DMG files in February 2021, to being able to fetch and deliver .ZIP files in March 2021.

Later in August, the malware expanded its reconnaissance function to scan and collect System_profile and SPHardwaretype information from victim machines. At its worst point in August, the malware even used permissions and wrote its own code to trick Gatekeeper into thinking it’s not even there.

“UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns,” Microsoft said Microsoft.

Microsoft wasn’t clear which versions of MacOS are impacted by UpdateAgent, but it did have some advice that goes beyond using antivirus software. It pointed to using the Microsoft Edge browser, which can block and scan for malicious websites. Other tips include restricting access to privileged resources, installing apps only from the app store, and running the latest versions of MacOS and other applications.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
The macOS Sequoia update just launched. Here’s why you should install it
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

The macOS Sequoia update is finally here, bringing iPhone Mirroring, Safari updates, window tiling, and the new Passwords app to Mac. As promised, there are no Apple Intelligence features in this update, but they will start rolling out from next month.

iPhone Mirroring is the most exciting thing coming with this update, allowing you to check your messages, notifications, and apps without switching devices. The feature makes a lot of sense as the one time we truly don't need our phones is when we're already using a computer. Instead of taking your hands off the keyboard to pick up your iPhone, you can simply access it on your Mac like a phone-shaped app.

Read more
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
A new malware threat to macOS adds to the data-stealing surge
Apple MacBook Pro 16 downward view showing keyboard and speaker.

If you still think Macs are inherently safe from malware, think again.

Mac users have another threat to worry about. Cthulhu Stealer, a new Mac malware threat, tries to steal sensitive data such as passwords and cryptocurrency wallets, Cado Security reports in a blog post. The malware threat disguises itself as authentic software to gather login credentials.

Read more