This MacOS Trojan stealthily lifts your data, says Microsoft

You might think that your Mac is invulnerable to viruses and other security threats, but you might want to think again. As part of its commitment to intelligence sharing and collaboration, Microsoft recently exposed the evolution of a MacOS Trojan that can stealthily lift your personal data.

First spotted in September 2020, this piece of malware, known as UpdateAgent, has increasingly progressed to “sophisticated capabilities,” Microsoft says. Though it also indicated that the latest two versions are still more “refined,” Microsoft warns that the malware is again being developed, and more updates could come soon.

It is bad enough that Microsoft believes this malware can be leveraged to fetch more dangerous payloads beyond just the adware that it is already injecting into victim machines.

But how does it work? Per Microsoft, the UpdateAgent malware can impersonate real software and then take Mac functionalities under its own control. It usually first reaches victim Macs through automated downloads that happen without the user’s consent, or through advertisement pop-ups that impersonate video applications and support agents. UpdateAgent can even bypass Gatekeeper, which usually makes sure that only trusted apps can run on Macs. The malware then takes over a machine and performs malicious acts like injecting adware.

Microsoft worked with Amazon Web Services to pull the URLs used by UpdateAgent to inject adware, but the UpdateAgent campaign has steadily evolved. It went from a basic information stealer in December 2020, to being able to fetch and deliver .DMG files in February 2021, to being able to fetch and deliver .ZIP files in March 2021.

Later in August, the malware expanded its reconnaissance function to scan and collect system_profiler and SPHardwareDataType information from victim machines. At its worst point in August, the malware even used permissions and wrote its own code to trick Gatekeeper into thinking it’s not even there.

“UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns,” Microsoft said.

Microsoft wasn’t clear which versions of MacOS are impacted by UpdateAgent, but it did have some advice that goes beyond using antivirus software. It pointed to using the Microsoft Edge browser, which can block and scan for malicious websites. Other tips include restricting access to privileged resources, installing apps only from the App Store, and running the latest versions of MacOS and other applications.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…