Powerful Mac Malware Can Install Anything — What You Need to Do

A previously passive Mac Trojan horse has become more dangerous, Microsoft reports.

The computing giant tweeted last week that Mac malware known as WizardUpdate or UpdateAgent, once purely an "information thief" profiling infected systems, has recently evolved to be able to grant itself the authority to install other software on Macs.

So far, WizardUpdate appears to install only adware, primarily a piece of Mac adware called AdLoad, which inserts ads into loaded web pages and changes search engine results. However, WizardUpdate's power means that it can easily load ransomware and botnet malware.

"Given its history, this Trojan will continue to grow in sophistication," Microsoft Security Intelligence said in a series of tweets.

"We have discovered that the latest UpdateAgent variant is most likely impersonating legitimate software and being distributed via drive-by download."

To avoid infection by WizardUpdate, install and use the best Mac antivirus program available to detect and remove malware before it does more damage. Also, never install software from a random source, even if it is "signed" by an Apple developer and looks familiar, such as Adobe Flash Player.

When WizardUpdate was first discovered by New York-based ad verification firm Confiant in January of this year, it was posing as a Flash Player installer and had been digitally signed by the developer. While this is still likely the case today, it may be disguised as other software.

According to Microsoft, earlier versions of this malware simply "profiled" infected systems as part of information gathering. Since then, WizardUpdate has evolved incrementally, gradually adding capabilities to bypass macOS Gatekeeper protection, download other programs, modify system preferences, and grant system-wide permissions to the infected user profile.

In other words, WizardUpdate can now do almost anything it wants on an infected Mac, from installing new programs to completely changing system parameters.

The only silver lining here is that, for now, WizardUpdate appears to be primarily installing AdLoad adware. However, WizardUpdate has powerful capabilities, and what it installs could quickly get worse.

This story was previously reported by Bleeping Computer.
