
This Mac Malware Should Have Users Worried

November 5, 2021

Researchers from Microsoft have reported the discovery of a new variant of macOS malware called WizardUpdate.

The new version should worry all Mac users because it has been upgraded to incorporate enhanced evasion and persistence tactics that will make it more difficult to track, locate and ultimately stop.

WizardUpdate is also known as UpdateAgent, and it is based on code that is distributed via download repositories, where it masquerades as legitimate software. Although the researchers found no direct indication of how this new variant is distributed, it follows that the group behind the code would use similar, if not outright identical, techniques.

WizardUpdate has had a short but interesting history. It was first discovered in November 2020. In its earliest incarnation, the code could do little more than collect and exfiltrate basic system information. That proved to be but a simple test. Since its initial release, WizardUpdate has seen numerous upgrades.

The latest build includes the following capabilities:

  • To grant admin permissions to regular users
  • To leverage existing user profiles to execute commands
  • To modify PLIST files using PlistBuddy
  • To bypass Gatekeeper by removing quarantine attributes from downloaded payloads
  • To grab the full download history for infected Macs by enumerating LSQuarantineDataURLString using SQLite
  • And to deploy secondary payloads downloaded from cloud infrastructure

Microsoft had this to say about the newly discovered strain:

“UpdateAgent abuses public cloud infrastructure to host additional payloads and attempts to bypass Gatekeeper, which is designed to ensure that only trusted apps run on Mac devices, by removing the downloaded file’s quarantine attribute.”

“It also leverages existing user permissions to create folders on the affected device. It uses PlistBuddy to create and modify Plists in LaunchAgent/LaunchDaemon for persistence.”
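For defenders, three of the behaviours listed above can be hunted for in process-execution telemetry. The following is an added example, not code from this post or from Microsoft's report: it matches command lines for quarantine-attribute removal, PlistBuddy edits under LaunchAgents/LaunchDaemons, and SQLite reads of LSQuarantineDataURLString, then flags hosts showing two or more of them. The event format, host names, file paths and the threshold are assumptions, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Patterns for three behaviours from the capability list, matched on command lines.
RULES = {
    "gatekeeper_quarantine_removed": re.compile(
        r"\bxattr\s+-\w*d\w*\s+com\.apple\.quarantine\b"),
    "plistbuddy_launch_persistence": re.compile(
        r"PlistBuddy\b.*/Library/Launch(?:Agents|Daemons)/", re.I),
    "quarantine_history_query": re.compile(
        r"\bsqlite3\b.*LSQuarantineDataURLString", re.I),
}

# Constructed sample events (one JSON object per line); not from a real host.
SAMPLE_EVENTS = """\
{"host": "mac-01", "cmd": "/usr/bin/xattr -d com.apple.quarantine /tmp/example/Payload.app"}
{"host": "mac-01", "cmd": "/usr/libexec/PlistBuddy -c 'Add :RunAtLoad bool true' /Users/alice/Library/LaunchAgents/com.example.agent.plist"}
{"host": "mac-01", "cmd": "sqlite3 /Users/alice/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineDataURLString from LSQuarantineEvent'"}
{"host": "mac-02", "cmd": "/usr/bin/xattr -d com.apple.quarantine /Applications/Example.app"}
{"host": "mac-02", "cmd": "/usr/libexec/PlistBuddy -c 'Print' /Applications/Example.app/Contents/Info.plist"}
"""


def classify(cmd):
    """Return the names of all rules that a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def triage(lines, threshold=2):
    """Collect hits per host; report hosts with >= threshold distinct behaviours."""
    seen = defaultdict(set)
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        for name in classify(event.get("cmd", "")):
            seen[event["host"]].add(name)
    return {h: sorted(hits) for h, hits in seen.items() if len(hits) >= threshold}


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```

Any one of these commands can appear in ordinary administration, which is why the example reports a host only when several behaviours occur together.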

WizardUpdate by any name is a scarily capable malware strain and Mac users should be on high alert.

taylor
© 2025 All Rights Reserved | Powered by CIO Landing