Threat: UpdateAgent/WizardUpdate
The UpdateAgent family of malware has been actively circulating since 2020. Microsoft recently reported the latest variant of the family.
Affects: UpdateAgent is a Mac-targeted trojan that masquerades as legitimate software. The attack payload has varied over time from information gathering to adware deployment. It is actively being developed.
Detected by: Jamf Protect detected UpdateAgent (also known as WizardUpdate) as of 12/30/20 with new variants added, as discovered.
Prevented by: Jamf Protect detected UpdateAgent (also known as WizardUpdate) as of 12/30/20 with new variants added, as discovered.
IOCs (as published by Microsoft):
Web exploit URLs:
Don't let your Mac fleet become hexed, cursed or jinxed...
Jamf Protect casts Expelliarmus on the macOS malware looking to compromise the security of you macOS endpoints!
Subscribe to the Jamf Blog
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.