‘WizardUpdate’ malware recasts a malicious spell, yet still no match for Jamf Protect

Jamf Threat Labs updates Jamf Protect to completely prevent UpdateAgent/WizardUpdate from threatening the security of your macOS fleet.

February 11, 2022 by Matthias Wollnik

Threat: UpdateAgent/WizardUpdate

The UpdateAgent family of malware has been actively circulating since 2020. Microsoft recently reported the latest variant of the family.

Affects: UpdateAgent is a Mac-targeted trojan that masquerades as legitimate software. The attack payload has varied over time from information gathering to adware deployment. It is actively being developed.

Detected by: Jamf Protect detected UpdateAgent (also known as WizardUpdate) as of 12/30/20, with new variants added as discovered.

Prevented by: Jamf Protect detected UpdateAgent (also known as WizardUpdate) as of 12/30/20, with new variants added as discovered.

IOCs (as published by Microsoft):

Web exploit URLs:

Don't let your Mac fleet become hexed, cursed or jinxed...

Jamf Protect casts Expelliarmus on the macOS malware looking to compromise the security of your macOS endpoints!
