top of page

The Name's Agent, UpdateAgent. Malware Coming To A Mac Near You

Published: May 02, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

There’s a trojan malware family out there just waiting for you to download their UpdateAgent on your Mac device. Microsoft has been watching this malware continue to develop for two years before recently deciding to go public with its findings. They’ve seen continuous development of this trojan over time, cautioning its trajectory may become like those common to malware affecting Windows. But in its current form, the trojan UpdateAgent app is making its own type of malware trouble for Mac users today.

First discovered two years ago, Microsoft 365 Defender Threat Intelligence Team found UpdateAgent started as a basic info-stealer. This latest campaign added distributing secondary payloads to its many adaptations, what Microsoft says is “Reminiscent of the progression of info-stealing trojans in other platforms, UpdateAgent may similarly become a vector for other threats to infiltrate target systems.”

What UpdateAgent is Up to Today

Today’s version of UpdateAgent requires a user to install adware called Adload, an “unusually persistent” adware masquerading as legitimate software advertised in pop-up ads. But for now, Microsoft writes “The malware attempts to infiltrate macOS machines to steal data and it is associated with other types of malicious payloads, increasing the chances of multiple infections on a device.”

One of many tools UpdateAgent currently uses is getting beyond Gatekeeper controls. Gatekeeper is designed to make sure only trusted apps are run on Mac devices. This trojan takes advantage of existing user permissions to dispense its malware, before finally deleting any evidence it was there to begin with.

Protect Your MacOS

  • Anti-phishing reminders are a great way to help prevent malware like UpdateAgent, as well as many others, from entering your MacOS.

  • Beware of pop-up ads, especially those included in phishing emails. They’re not only annoying, but they can also install malware too. Remember, the best phishing email is one that’s deleted.

  • Lookout for any sense of urgency in an email. Hackers like to push us into acting quickly before there’s time to verify if the email is legitimate.

  • Be aware of generic greetings, bad spelling or grammar in an email, as well as poor quality graphics.

  • Keep all system software updated, especially anti-virus software and apps. Updates have fixes to security flaws that can leave a system open to attack.

  • Always use a good dose of common sense and think before you click. Phishing emails often have malware attachments and malicious links in the message and acting on them can be the first step to installing malware.

Want to schedule a conversation? Please email us at


bottom of page