Mac Malware Grows More Technically Advanced

Mac malware known as UpdateAgent has been spreading for over a year, and it is growing worse as its makers add new bells and whistles. The additions include pushing a dangerous second-stage adware payload that installs a persistent backdoor on infected Macs.

The UpdateAgent malware family began spreading by November or December 2020 as an information stealer. It collected product names, color codes, and many other machine properties. Its persistence methods (that is, its ability to run each time a Mac boots) were also old-fashioned.

Person-in-the-middle attack

Over time, Microsoft said Wednesday, UpdateAgent has grown significantly. In addition to the data it sends to the attackers' server, the program also sends "heartbeats" that tell the attackers the malware is still running. It also installs adware called Adload.

Microsoft researchers wrote:

Once the adware is installed, it uses an ad scanner and software to connect the device to the internet and control the number of users through the ad servers, inserting ads and advertisements into pages and search results. In particular, Adload supports Person-in-The-Middle (PiTM) attacks by setting up an online project as a result of search and indexing of pages, thus transferring advertising revenue from those who have a legitimate page to adware users.

Adload is the latest version of adware. It can open a backdoor to download and install adware and other payloads, in addition to the data that is sent to the attackers' C2 servers. Considering both UpdateAgent and Adload have the potential to install additional payloads, attackers can use either or both vectors to pose a serious threat to the machines they target in future campaigns.

Before installing the adware, UpdateAgent now removes the flag that a macOS security mechanism called Gatekeeper adds to downloaded files. (Gatekeeper ensures that users receive a notification about new programs coming from the Internet, and also checks these programs against known malware.) Mac malware from 2017 did the same; its inclusion in UpdateAgent shows that the malware continues to evolve.

UpdateAgent's reconnaissance has been expanded to collect system history and SPHardwaretype data, which, among other things, indicates the Mac password. The malware also started modifying the LaunchDaemon folder instead of the LaunchAgent folder as before. While the change requires UpdateAgent to run as an administrator, it allows the trojan to inject persistent code that runs as root.
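
For defenders, the behaviours described above (removal of the Gatekeeper flag, hardware profiling, and LaunchDaemon persistence) are most telling when one process shows several of them. The sketch below is an added example, not code from Microsoft's report or from this article; the event format, app paths and plist names are constructed, and it assumes the standard macOS `xattr` tool, the `com.apple.quarantine` attribute and the `system_profiler SPHardwareDataType` query, which the article does not spell out.

```python
import shlex
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample telemetry (not from the report): (actor, kind, detail).
# "actor" is the hypothetical responsible app; all paths are placeholders.
EVENTS = [
    ("/Applications/Example.app", "exec", "xattr -d com.apple.quarantine /tmp/example/payload.zip"),
    ("/Applications/Example.app", "exec", "system_profiler SPHardwareDataType"),
    ("/Applications/Example.app", "write", "/Library/LaunchDaemons/com.example.placeholder.plist"),
    ("/Applications/Editor.app", "exec", "xattr -l /Users/alice/Downloads/notes.txt"),
    ("/Applications/Backup.app", "write", "/Users/alice/Library/LaunchAgents/com.example.backup.plist"),
    ("/usr/sbin/installer", "write", "/Library/LaunchDaemons/com.example.vendor.plist"),
]

def classify(kind, detail):
    """Map one event to a behaviour named in the article, or None."""
    if kind == "exec":
        argv = shlex.split(detail)
        tool = PurePosixPath(argv[0]).name if argv else ""
        # Collapse short options so "-d", "-rd" and "-dr" all match.
        flags = "".join(a[1:] for a in argv[1:] if a.startswith("-"))
        if tool == "xattr" and "d" in flags and "com.apple.quarantine" in argv:
            return "quarantine_flag_removed"
        if tool == "system_profiler" and "SPHardwareDataType" in argv:
            return "hardware_recon"
    elif kind == "write":
        path = PurePosixPath(detail)
        # System-wide daemons run as root; per-user LaunchAgents are ignored here.
        if path.parent == PurePosixPath("/Library/LaunchDaemons") and path.suffix == ".plist":
            return "root_launchdaemon_persistence"
    return None

def correlate(events, threshold=2):
    """Return {actor: sorted behaviours} for actors showing >= threshold behaviours."""
    seen = defaultdict(set)
    for actor, kind, detail in events:
        behaviour = classify(kind, detail)
        if behaviour:
            seen[actor].add(behaviour)
    return {a: sorted(b) for a, b in seen.items() if len(b) >= threshold}

if __name__ == "__main__":
    for actor, behaviours in correlate(EVENTS).items():
        print(actor, "->", ", ".join(behaviours))
```

A legitimate installer that only writes a LaunchDaemon plist stays below the default threshold, which is why the behaviours are correlated rather than alerted on one at a time.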

The following timeline shows the evolution.

Courtesy of Microsoft
