A Closer Look at "WizardUpdate"

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 11:35 a.m. (25 minutes)

The stealthy Mac malware known as "WizardUpdate" or "UpdateAgent" has received some interest from the Mac security community.

In this talk, we take a closer look at "WizardUpdate". We examine TTPs, C2 infrastructure, evolution of samples, distribution mechanisms (including malvertising, social engineering, and traffic distribution services), monetization techniques, and overlap with other macOS adware.


Presenters:

  • Luca Nagy - Security Engineer at Google
    Luca Nagy is a Security Engineer at Google, Threat Analysis Group in Zurich. She completed her studies in computer engineering, during which she developed an interest in IT security and a passion for malware analysis. Then, at SophosLabs, Luca spent her time reverse engineering emerging threats and creating detections against them.

    In the past year she joined Google to focus on understanding and disrupting serious financially motivated threats against Google and Google's users.
  • Lexi - Security Engineer at Google
    Lexi is a Security Engineer on the team responsible for handling all malicious activity on Google's networks, and for detecting and responding to advanced (APT) attackers. She also maintains a strong interest in Mac malware/adware, and contributes to tracking these in collaboration with Google’s Threat Analysis Group (TAG).
