Published Oct 21, 2021 | Updated Nov 15, 2021

Behavior:MacOS/UpdateAgent.B

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus or Microsoft Defender for Endpoint on Mac detects and removes this threat.

This threat is a variant of the UpdateAgent trojan that targets macOS devices. This trojan impersonates legitimate software, such as video players or support agents, and is possibly distributed through drive-by downloads. This trojan is also known to download additional adware payloads like Adload on target devices.

Microsoft Defender Antivirus or Microsoft Defender for Endpoint on Mac automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.

If the UpdateAgent trojan has been launched, it is likely that the device is under complete attacker control. To help reduce the impact of this threat, you can:

  • Inspect the downloaded file and the process responsible for modifying the file quarantine attribute.
  • Stop suspicious processes, isolate the affected device, reset the password, block IP addresses and URLs, and install security updates.
  • Investigate the device timeline for indications of reconnaissance and data exfiltration.
  • Contact your incident response team to start the incident response process. If you don't have one, contact Microsoft support for potential forensic analysis and remediation.
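
For the first step above, the following added example (not Microsoft tooling or code from this page) reports the quarantine attribute of the files passed to it, using the macOS `xattr` command. It assumes the attribute name `com.apple.quarantine` and the usual semicolon-separated value layout; the function names `parse_quarantine` and `triage_file` are hypothetical.

```shell
#!/bin/sh
# Added example: report the quarantine attribute of downloaded files.
# Assumed value layout, semicolon separated:
#   flags(hex);timestamp(hex Unix epoch);downloading agent;event UUID

# parse_quarantine VALUE -> prints the decoded fields, returns 1 if malformed.
parse_quarantine() {
    IFS=';' read -r q_flags q_time q_agent q_uuid <<EOF
$1
EOF
    # Both leading fields must be non-empty hexadecimal strings.
    case "$q_flags" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    case "$q_time"  in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    printf 'flags=%s epoch=%d agent=%s uuid=%s\n' \
        "$q_flags" "$((0x$q_time))" "${q_agent:-unknown}" "${q_uuid:-none}"
}

# triage_file PATH -> one report line per file (requires macOS xattr).
triage_file() {
    if ! q_value=$(xattr -p com.apple.quarantine "$1" 2>/dev/null); then
        # Attribute absent: it was never set, or something removed it.
        printf '%s: NO quarantine attribute (never set, or removed)\n' "$1"
        return 0
    fi
    if q_parsed=$(parse_quarantine "$q_value"); then
        printf '%s: %s\n' "$1" "$q_parsed"
    else
        printf '%s: unexpected attribute value "%s"\n' "$1" "$q_value"
    fi
}

# Usage on the affected Mac: sh triage.sh ~/Downloads/*
for q_file in "$@"; do
    triage_file "$q_file"
done
```

A file that arrived through a browser but reports no attribute is the case to trace back to the process that modified it, using the device timeline.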

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
