Mac malware spreading for ~14 months installs backdoor on infected systems

by Dan Goodin from Ars Technica - All content on (#5VQHK)
Mac malware known as UpdateAgent has been spreading for more than a year, and it is growing increasingly malevolent as its developers add new bells and whistles. The additions include the pushing of an aggressive second-stage adware payload that installs a persistent backdoor on infected Macs.

The UpdateAgent malware family began circulating no later than November or December 2020 as a relatively basic information-stealer. It collected product names, version numbers, and other basic system information. Its methods of persistence (that is, the ability to run each time a Mac boots) were also fairly rudimentary.

Person-in-The-Middle attack

Over time, Microsoft said on Wednesday, UpdateAgent has grown increasingly advanced. Besides the data sent to the attacker server, the app also sends "heartbeats" that let attackers know if the malware is still running. It also installs adware known as Adload.
