A newly discovered Mac Trojan can run ads and steal data from an Apple device no matter how safe it is. The malware is called WizardUpdate. Although it has existed for some time, it has been upgraded to pose more danger.
Mac Trojan Malware WizardUpdate: Everything Apple Users Must Know About
According to The Digital Dentist, Microsoft researchers have discovered a new type of macOS malware called WizardUpdate. With the discovery of the new version, all Mac users should be concerned, since it has been upgraded with enhanced evasion and persistence strategies that make it more difficult to track, locate and stop.
In a tweet, Microsoft Security Intelligence stated that this Apple malware will continue to grow in sophistication.
We recently discovered the latest variant of a Mac malware tracked as UpdateAgent (aka WizardUpdate) with new persistence and evasion tactics, the latest in a series of upgrades over the past year. Given its history, this Trojan will likely continue to grow in sophistication. pic.twitter.com/pt8nfnwg4v — Microsoft Security Intelligence (@MsftSecIntel) October 21, 2021
WizardUpdate, also known as UpdateAgent, is a program whose code can be found in download repositories. Tom's Guide added that it pretends to be legitimate software and can grant itself administrator permissions to install additional software on a Mac.
"UpdateAgent abuses public cloud infrastructure to host additional payloads and attempts to bypass Gatekeeper, which is designed to ensure that only trusted apps run on Mac devices, by removing the downloaded file's quarantine attribute," Microsoft added on Twitter.
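The quarantine-attribute removal Microsoft describes is something defenders can look for in process telemetry. The following is an added example, not code from Microsoft or the sources quoted here: it assumes the removal is done with the macOS `xattr` tool and uses a constructed log format (timestamp, user, command line) with constructed sample events.

```python
import shlex

QUARANTINE_ATTR = "com.apple.quarantine"

# Constructed sample process-execution events: "<timestamp> <user> <command line>".
SAMPLE_EVENTS = [
    "2021-10-21T10:02:11Z alice /usr/bin/xattr -l /Users/alice/Downloads/report.pdf",
    "2021-10-21T10:03:40Z alice /usr/bin/xattr -d com.apple.quarantine /Users/alice/Downloads/Setup.app",
    "2021-10-21T10:03:41Z alice xattr -rd com.apple.quarantine '/private/tmp/My Installer.app'",
    "2021-10-21T10:05:02Z bob /usr/bin/xattr -cr /Users/bob/Downloads/tool.pkg",
    "2021-10-21T10:06:00Z bob /usr/bin/xattr -w com.example.tag 1 /Users/bob/notes.txt",
]

def quarantine_removal(command_line):
    """Return (reason, targets) if the command strips the quarantine attribute, else None."""
    try:
        argv = shlex.split(command_line)  # honours quoted paths containing spaces
    except ValueError:
        return None  # unbalanced quotes: not parseable as a command line
    if not argv or argv[0].rsplit("/", 1)[-1] != "xattr":
        return None
    # Collapse combined short flags such as "-rd" or "-cr" into one string.
    flags = "".join(a[1:] for a in argv[1:] if a.startswith("-") and not a.startswith("--"))
    operands = [a for a in argv[1:] if not a.startswith("-")]
    # -d <attr> deletes one named attribute; flag only the quarantine attribute.
    if "d" in flags and operands and operands[0] == QUARANTINE_ATTR:
        return ("delete", operands[1:])
    # -c clears every extended attribute, which removes quarantine as a side effect.
    if "c" in flags:
        return ("clear-all", operands)
    return None

def scan(events):
    """Return one finding per event whose command line removes the quarantine attribute."""
    findings = []
    for line in events:
        timestamp, user, command_line = line.split(" ", 2)
        hit = quarantine_removal(command_line)
        if hit:
            findings.append({"time": timestamp, "user": user,
                             "reason": hit[0], "targets": hit[1]})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Findings whose targets sit in download or temporary directories deserve a closer look than those raised by a developer's own build scripts.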
Tom's Guide added that the Apple malware appears to be installing mainly adware called AdLoad. This Mac adware injects advertisements into loaded web pages and modifies search engine results. Aside from this, the upgraded Mac Trojan may easily load ransomware or botnet software due to its capabilities.
As background, WizardUpdate was first discovered in November 2020. At that time, the code's capabilities were limited to collecting and exfiltrating basic system information, which is why several researchers thought it was just simple malware. However, WizardUpdate has seen numerous upgrades since its discovery.
Although the Microsoft researchers found no direct evidence of how WizardUpdate is transmitted, it is reasonable to assume that the group behind the code would employ similar or identical techniques that masquerade as legitimate software, per The Digital Dentist.
8 Ways to Prevent and Remove WizardUpdate
Malware Tips has shared in detail how to remove WizardUpdate and prevent it from infecting an Apple device.
- Mac users must head to the Apple menu bar located in the top-right corner of the screen.
- If a WizardUpdate icon is shown on the Apple menu bar, users must right-click on it and then choose "Quit."
- However, if WizardUpdate is not on the Apple menu bar, Mac users must click the "Finder" application located in the lower part of the screen.
- In the Finder application, open the "Applications" tab on the left pane of the screen.
- Once the Applications tab is open, it will show the list of all apps installed on the Mac, and users must scroll through the list and locate "WizardUpdate."
- If WizardUpdate appears in the list, users must right-click on it and then click "Move to trash."
- After moving it to the trash, head to the Dock and right-click the trash bin to empty the trash.
- Lastly, find and remove the WizardUpdate files using "Go to folder."