UpdateAgent Mac Malware

UpdateAgent is a great example of the digital arms race between technology companies and cybercriminals, in which they’re constantly trying to outdo each other. In fact, it’s a Mac malware threat that has evolved over the years, adding new ways to target users and get around macOS security.


But how does it work? And, more importantly, how do you remove UpdateAgent from Mac systems? In this article, we’ll examine this virus in detail and show you what to do if you’re infected.


Before we start


If your Mac is infected with LaunchAgent, you can use MacKeeper’s Antivirus to detect and remove it safely and efficiently. Here’s how to run an on-demand scan:

  1. Open MacKeeper, and select Antivirus from the menu bar
  2. Click Start Scan
  3. When the scan is finished, select anything suspicious, and click Move to Quarantine.

That’s all it takes to check your Mac for malware. Plus, MacKeeper is packed with other useful security, privacy, and optimization tools. Give it a try and see for yourself.

How to detect UpdateAgent on a Mac

Like a lot of viruses, the UpdateAgent Mac malware doesn’t want to be found too easily. If your Mac is infected, though, there are a few telltale signs you might notice:

  • A sudden increase in intrusive ads when browsing the web
  • Your web browser redirects you to different sites or search engines than you expect
  • An unexplained change to your browser home page
  • Websites display incorrectly or look different to normal.

Note from our team: 


You can also detect UpdateAgent with antivirus software like MacKeeper. Read our guide on how to check for malware on Mac for more information.

How to remove UpdateAgent virus

Getting rid of the virus UpdateAgent manually is easier said than done. Its ability to hide and create launch agent entries makes it tricky to pin down.


Here are a few basic steps you can take to try to remove UpdateAgent:

  • Delete unwanted apps: Check through your Applications folder for apps you didn’t install, pirated apps, or apps from untrusted developers
  • Remove LaunchAgents: In Finder, click Go > Go to Folder in the menu bar, and type ~/Library/LaunchAgents. Look through this folder and delete anything suspicious. Do the same for ~/Library/LaunchDaemons
  • Delete rogue browser add-ons: Check your web browser for any dodgy-looking extensions. You’ll usually find your installed add-ons in your browser settings, which you can access from your menu bar.

Unfortunately, these actions alone are unlikely to remove UpdateAgent. The best way to get rid of malware on Mac is with antivirus software like MacKeeper. This will allow you to carry out a complete scan of your computer and automatically detect viruses.

In your Applications folder, you may see apps that you didn't install. Remove these, along with any pirated or cracked apps, which may cause issues.
Step 1. Check your Applications folder for unwanted apps
UpdateAgent can install entries in your LaunchAgents and LaunchDaemons folders, making it harder to remove. Check them for anything suspicious.
Step 2. Check your LaunchAgents and LaunchDaemons folders
Check your web browser extensions for anything suspicious, which you should remove. You can normally get to the settings using the menu bar.
Step 3. Make sure you don't have any rogue browser add-ons installed

How to protect your Mac from UpdateAgent infection

Rather than trying to remove UpdateAgent from your Mac, it’s better to prevent it from ever getting infected in the first place. Let’s move to the best ways to do that.

Download from safe sources

UpdateAgent is usually hidden in what appears to be legitimate software. However, you can reduce your risk of infection by sticking to safe, trusted sources of software.


The safest option is to only download from the Mac App Store. If you’re downloading from external sources, try to stick to the official websites of trusted companies.

Use licensed software

Avoid pirated software or cracks for legitimate apps. These are very often loaded with malware.


Also, pay attention to warnings from your Mac. If you see a message that says macOS cannot verify that this app is free from malware, that’s a good sign to stop what you’re doing.

Update your Mac

Keeping your Mac up to date is an essential part of making it secure. As well as updating macOS, you also need to update your third-party apps.


Here’s how to check for macOS updates:

  1. In System Settings, select General > Software Update
  2. If automatic updates are enabled, macOS will search for and install updates
  3. Once updates are installed, you may need to restart your Mac afterwards.
In macOS System Settings, scroll down and click
Step 1. In System Settings, go to General > Software Update
The automatic update settings in macOS System Settings. Changing these will determine how macOS treats updates for first-party software.
Step 2. You can check and tweak your automatic update settings
Some macOS updates require you to restart your Mac to apply the update. If you see a
Step 3. Apply updates and restart if necessary

Install antivirus

Antivirus software makes malware removal easy, especially if it offers real-time protection. This will constantly check your Mac for changes and new apps, alerting you of suspicious activity and blocking rogue software.


Here’s how to use real-time antivirus in MacKeeper:

  1. In MacKeeper, select Antivirus from the sidebar. You should see Real-time protection is enabled in the center of the MacKeeper. If not, click the Enable button
  2. You can also tweak this feature. Select MacKeeper > Settings from the menu bar
  3. In the Antivirus section, choose whether you want MacKeeper to automatically quarantine suspicious files or notify you first.

For extra protection, our experts highly encourage you to run on-demand scans in the MacKeeper’s app.

In MacKeeper, you have a series of tools in the sidebar on the left. Click
Step 1. Select Antivirus in MacKeeper
You can tweak MacKeeper's real-time protection in the settings, which you can reach by selecting MacKeeper > Settings from the menu bar.
Step 2. Select MacKeeper > Settings from the menu bar
In MacKeeper's settings, you can choose whether infected items are automatically moved to quarantine or if you're to be notified first.
Step 3. Choose to automatically move infected items to quarantine or to notify you first

What is UpdateAgent?

UpdateAgent is malware designed to target computers running macOS. To be specific, it’s a trojan, meaning it’s usually disguised as or hidden in legitimate software.


The most common ways to get infected with UpdateAgent are:

  • Drive-by downloads
  • Rogue ads and pop-ups
  • Email attachments
  • Pirated software or cracks.

What does UpdateAgent do?

Microsoft has been tracking this malware for several years. One of UpdateAgent’s most interesting—and worrying—traits is that it’s been updated over time with new features.


To date, these are some of the things UpdateAgent can do to systems it infects:

  • Gathering information from the Mac and sending it back to the hackers
  • Downloading and installing other software and malware, often hosted on public cloud servers
  • Bypassing the Gatekeeper security feature built into macOS
  • Hiding and preventing itself from being deleted
  • Creating LaunchAgent and LaunchDaemon folders to make removal harder
  • Running system commands with admin permissions.

So far, UpdateAgent has mainly been used to install Adload, which targets Mac users with ads, generating revenue for the hackers. However, at any time, this malware could deliver more dangerous payloads.

Is UpdateAgent malware dangerous?

In short, yes. UpdateAgent’s ability to give itself elevated permissions and install more malware is particularly concerning. Normally, Gatekeeper prevents unauthorized apps from running on your system, but UpdateAgent can stop Gatekeeper’s warnings from appearing.


The fact UpdateAgent is still being worked on and upgraded makes it even more dangerous. We can only guess what its creators might prepare for Mac users in future.

Make your Mac a fortress

It’s vital to take Mac malware seriously, because the biggest gift you can give cybercriminals is apathy. So, our key advice for you is be proactive. Follow best practice tips for cybersecurity, like using strong passwords and avoiding email attachments from unknown senders.


And, of course, use antivirus software. With MacKeeper’s Antivirus, you can not only detect and delete threats like UpdateAgent but prevent them from ever taking hold in the first place. 

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.



MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Read more

Apple ID Scams
Apple ID Scams
macOS Security Features
macOS Security Features

Run Application


Click Continue


Click Install


Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.