Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities."
The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021.
"The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent's ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads," the researchers said.
The actively in-development malware is said to be propagated via drive-by downloads or advertisement pop-ups that masquerade as legitimate software like video applications and support agents, even as the authors have made steady improvements that have transformed UpdateAgent into a progressively persistent piece of malware.
Chief among the advancements include the capability to abuse existing user permissions to surreptitiously perform malicious activities and circumvent macOS Gatekeeper controls, a security feature that ensures only trusted applications from identified developers can be installed on a system.
In addition, UpdateAgent has been found to take advantage of public cloud infrastructure, namely Amazon S3 and CloudFront services, to host its second-stage payloads, including adware, in the form of .DMG or .ZIP files.
Once installed, the Adload malware makes use of ad injection software and man-in-the-middle (MitM) techniques to intercept and reroute users' internet traffic through the attacker's servers to insert rogue ads into web pages and search engine results to increase the chances of multiple infections on the devices.
"UpdateAgent is uniquely characterized by its gradual upgrading of persistence techniques, a key feature that indicates this trojan will likely continue to use more sophisticated techniques in future campaigns," the researchers cautioned.
More articles
- Pentest Tools Port Scanner
- Pentest Tools Find Subdomains
- Pentest Reporting Tools
- Hacker Tools Github
- Hack Website Online Tool
- Hacking Tools For Windows
- Hacking App
- Pentest Tools For Ubuntu
- Pentest Tools Tcp Port Scanner
- Hacker Tools Linux
- Hacker Tools Linux
- Hacker Tools Free
- Beginner Hacker Tools
- Hacking Apps
- Pentest Recon Tools
- Hack Tools 2019
- Top Pentest Tools
- Hacker Tools Free Download
- Hack Tools Mac
- Hacking Tools For Games
- Hacking Tools 2020
- Hacking Tools Free Download
- Hack Tools
- Hack Tools Online
- Pentest Tools Port Scanner
- Pentest Tools For Android
- Hacking Tools For Kali Linux
- Hack Tools Mac
- Pentest Tools Github
- Usb Pentest Tools
- Hacking Tools For Kali Linux
- Hacking Tools For Windows
- Blackhat Hacker Tools
- Hacking Tools Usb
- Hack Tools For Pc
- Hack Tool Apk
- Hack Tools For Mac
- Beginner Hacker Tools
- Hack Rom Tools
- Hacker Tools For Pc
- Hack Tools For Mac
- Hacking Tools Github
- Hacking Tools And Software
- Pentest Tools Port Scanner
- Hacker Tools Linux
- Hacking Tools Name
- Pentest Tools Online
- New Hacker Tools
- Pentest Reporting Tools
- Hacking Tools Free Download
- How To Hack
- Hacker Tools 2019
- Physical Pentest Tools
- Hacker Tools Apk Download
- Hacker Security Tools
- World No 1 Hacker Software
- Nsa Hacker Tools
- Pentest Tools Kali Linux
- Hacking Tools For Windows
- Hack Tools For Windows
- Pentest Tools Free
- Hacker Tools For Windows
- Hacking Tools Usb
- Pentest Tools Review
- Hack Tools For Games
- Pentest Tools Open Source
- Usb Pentest Tools
- Hacking Tools For Pc
- Github Hacking Tools
- Hacking Tools Kit
- Pentest Tools Free
- Pentest Tools Download
- Hack Tools Pc
- Tools For Hacker
- Pentest Tools Open Source
- Hacker Tools 2019
- Hack Tool Apk No Root
- Hack Tools 2019
- Hacker Techniques Tools And Incident Handling
- Physical Pentest Tools
- Hack Tools Online
No comments:
Post a Comment