Another Mac Malware in the Wild

Marc
Marc Moderator, Beta Tester Posts: 3,109
Interesting article from Ars Technica on the "update" agent malware that's affecting some macOS-based systems. This one's been around since late 2020 but it's getting some notice now. Also note something needs to be installed, so please be careful what you click on or install on any system.

https://arstechnica.com/information-technology/2022/02/mac-malware-spreading-for-14-months-is-growing-increasingly-aggressive/

Once adware is installed, it uses ad injection software and techniques to intercept a device’s online communications and redirect users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results. More specifically, Adload leverages a Person-in-The-Middle (PiTM) attack by installing a web proxy to hijack search engine results and inject advertisements into webpages, thereby siphoning ad revenue from official website holders to the adware operators.

Adload is also an unusually persistent strain of adware. It is capable of opening a backdoor to download and install other adware and payloads in addition to harvesting system information that is sent to the attackers’ C2 servers. Considering both UpdateAgent and Adload have the ability to install additional payloads, attackers can leverage either or both of these vectors to potentially deliver more dangerous threats to target systems in future campaigns.


That's Daphnee, she's a good dog...
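The quoted article says Adload installs a web proxy to intercept traffic. As an added example (not part of the original post or the article), this shell function reads the output of macOS's `scutil --proxy` and lists every enabled proxy setting so an unexpected one stands out. It assumes the proxy is registered in the system proxy settings; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Reads `scutil --proxy` output on stdin and prints one line per enabled
# proxy setting. Prints nothing when no proxy is configured.
# A hit is not proof of adware: a corporate proxy or VPN client shows up too.
audit_proxy() {
  awk '
    {
      # Lines look like "  HTTPEnable : 1"; split on the first " : ".
      line = $0
      sub(/^[ \t]+/, "", line)
      n = index(line, " : ")
      if (n == 0) next
      kv[substr(line, 1, n - 1)] = substr(line, n + 3)
    }
    END {
      split("HTTP HTTPS SOCKS", kinds, " ")
      for (i = 1; i <= 3; i++) {
        k = kinds[i]
        if (kv[k "Enable"] == "1")
          printf "%s proxy enabled -> %s:%s\n", k, kv[k "Proxy"], kv[k "Port"]
      }
      if (kv["ProxyAutoConfigEnable"] == "1")
        printf "PAC enabled -> %s\n", kv["ProxyAutoConfigURLString"]
    }'
}

# Constructed sample: system HTTP/HTTPS traffic sent to a local proxy.
sample_proxied() {
  cat <<'EOF'
<dictionary> {
  HTTPEnable : 1
  HTTPPort : 8080
  HTTPProxy : 127.0.0.1
  HTTPSEnable : 1
  HTTPSPort : 8080
  HTTPSProxy : 127.0.0.1
  ProxyAutoConfigEnable : 0
}
EOF
}

# Constructed sample: no proxy configured.
sample_clean() {
  printf '<dictionary> {\n  HTTPEnable : 0\n  HTTPSEnable : 0\n}\n'
}

# On a Mac, audit the live settings; elsewhere this step is skipped.
if command -v scutil >/dev/null 2>&1; then scutil --proxy | audit_proxy; fi
```

Any line it prints should match a proxy you or your IT department set up; `sample_proxied | audit_proxy` shows what a hit looks like.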