In this article you will find the following:
UpdateAgent is a great example of the digital arms race between technology companies and cybercriminals, in which they’re constantly trying to outdo each other. In fact, it’s a Mac malware threat that has evolved over the years, adding new ways to target users and get around macOS security.
But how does it work? And, more importantly, how do you remove UpdateAgent from Mac systems? In this article, we’ll examine this virus in detail and show you what to do if you’re infected.
Before we start
If your Mac is infected with LaunchAgent, you can use MacKeeper’s Antivirus to detect and remove it safely and efficiently. Here’s how to run an on-demand scan:
- Open MacKeeper, and select Antivirus from the menu bar
- Click Start Scan
- When the scan is finished, select anything suspicious, and click Move to Quarantine.
That’s all it takes to check your Mac for malware. Plus, MacKeeper is packed with other useful security, privacy, and optimization tools. Give it a try and see for yourself.
How to detect UpdateAgent on a Mac
Like a lot of viruses, the UpdateAgent Mac malware doesn’t want to be found too easily. If your Mac is infected, though, there are a few telltale signs you might notice:
- A sudden increase in intrusive ads when browsing the web
- Your web browser redirects you to different sites or search engines than you expect
- An unexplained change to your browser home page
- Websites display incorrectly or look different to normal.
Note from our team:
You can also detect UpdateAgent with antivirus software like MacKeeper. Read our guide on how to check for malware on Mac for more information.
How to remove UpdateAgent virus
Getting rid of the virus UpdateAgent manually is easier said than done. Its ability to hide and create launch agent entries makes it tricky to pin down.
Here are a few basic steps you can take to try to remove UpdateAgent:
- Delete unwanted apps: Check through your Applications folder for apps you didn’t install, pirated apps, or apps from untrusted developers
- Remove LaunchAgents: In Finder, click Go > Go to Folder in the menu bar, and type ~/Library/LaunchAgents. Look through this folder and delete anything suspicious. Do the same for ~/Library/LaunchDaemons
- Delete rogue browser add-ons: Check your web browser for any dodgy-looking extensions. You’ll usually find your installed add-ons in your browser settings, which you can access from your menu bar.
Unfortunately, these actions alone are unlikely to remove UpdateAgent. The best way to get rid of malware on Mac is with antivirus software like MacKeeper. This will allow you to carry out a complete scan of your computer and automatically detect viruses.
How to protect your Mac from UpdateAgent infection
Rather than trying to remove UpdateAgent from your Mac, it’s better to prevent it from ever getting infected in the first place. Let’s move to the best ways to do that.
Download from safe sources
UpdateAgent is usually hidden in what appears to be legitimate software. However, you can reduce your risk of infection by sticking to safe, trusted sources of software.
The safest option is to only download from the Mac App Store. If you’re downloading from external sources, try to stick to the official websites of trusted companies.
Use licensed software
Avoid pirated software or cracks for legitimate apps. These are very often loaded with malware.
Also, pay attention to warnings from your Mac. If you see a message that says macOS cannot verify that this app is free from malware, that’s a good sign to stop what you’re doing.
Update your Mac
Keeping your Mac up to date is an essential part of making it secure. As well as updating macOS, you also need to update your third-party apps.
Here’s how to check for macOS updates:
- In System Settings, select General > Software Update
- If automatic updates are enabled, macOS will search for and install updates
- Once updates are installed, you may need to restart your Mac afterwards.
Install antivirus
Antivirus software makes malware removal easy, especially if it offers real-time protection. This will constantly check your Mac for changes and new apps, alerting you of suspicious activity and blocking rogue software.
Here’s how to use real-time antivirus in MacKeeper:
- In MacKeeper, select Antivirus from the sidebar. You should see Real-time protection is enabled in the center of the MacKeeper. If not, click the Enable button
- You can also tweak this feature. Select MacKeeper > Settings from the menu bar
- In the Antivirus section, choose whether you want MacKeeper to automatically quarantine suspicious files or notify you first.
For extra protection, our experts highly encourage you to run on-demand scans in the MacKeeper’s app.
What is UpdateAgent?
UpdateAgent is malware designed to target computers running macOS. To be specific, it’s a trojan, meaning it’s usually disguised as or hidden in legitimate software.
The most common ways to get infected with UpdateAgent are:
- Drive-by downloads
- Rogue ads and pop-ups
- Email attachments
- Pirated software or cracks.
What does UpdateAgent do?
Microsoft has been tracking this malware for several years. One of UpdateAgent’s most interesting—and worrying—traits is that it’s been updated over time with new features.
To date, these are some of the things UpdateAgent can do to systems it infects:
- Gathering information from the Mac and sending it back to the hackers
- Downloading and installing other software and malware, often hosted on public cloud servers
- Bypassing the Gatekeeper security feature built into macOS
- Hiding and preventing itself from being deleted
- Creating LaunchAgent and LaunchDaemon folders to make removal harder
- Running system commands with admin permissions.
So far, UpdateAgent has mainly been used to install Adload, which targets Mac users with ads, generating revenue for the hackers. However, at any time, this malware could deliver more dangerous payloads.
Is UpdateAgent malware dangerous?
In short, yes. UpdateAgent’s ability to give itself elevated permissions and install more malware is particularly concerning. Normally, Gatekeeper prevents unauthorized apps from running on your system, but UpdateAgent can stop Gatekeeper’s warnings from appearing.
The fact UpdateAgent is still being worked on and upgraded makes it even more dangerous. We can only guess what its creators might prepare for Mac users in future.
Make your Mac a fortress
It’s vital to take Mac malware seriously, because the biggest gift you can give cybercriminals is apathy. So, our key advice for you is be proactive. Follow best practice tips for cybersecurity, like using strong passwords and avoiding email attachments from unknown senders.
And, of course, use antivirus software. With MacKeeper’s Antivirus, you can not only detect and delete threats like UpdateAgent but prevent them from ever taking hold in the first place.