All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 7, 2022. I’ve also included some comments on these stories.

Mac Trojan Comes with Expanded Ability to Drop Secondary Payloads

As reported by Dark Reading, security researchers analyzed a new variant of UpdateAgent and observed that attackers have modified the Mac trojan’s ability to drop additional payloads hosted on public cloud infrastructure. They found that it doesn’t choose between .ZIP archives and mountable disk images for distributing its secondary payloads. Instead, this version comes with the ability to use both attack channels.

Andrew Swoboda | Senior Security Researcher at Tripwire

The UpdateAgent malware that targets Mac has been updated to do more than just drop adware. This malware first surfaced in September of 2020. According to researchers at Microsoft, it has been found to contain expanded functionality. It looks like this malware now contains Adload, a Trojan that contains the functionality for installing unwanted applications and additional ad loaders.

New Windows Terminal Version Can Automatically Run Profiles as Administrator

Microsoft has released a new version of the Windows Terminal that can automatically launch profiles as Administrator. According to Bleeping Computer, users can configure Windows Terminal Preview 1.13 to open a profile in an Admin terminal window automatically. Alternatively, they can hold CTRL while clicking on the profile name.

Andrew Swoboda | Senior Security Researcher at Tripwire

Windows Terminal now has the ability to automatically run as an administrator. This feature allows users to launch terminals as an administrator without manually launching the terminal.

Microsoft Moving Forward with WMIC Phase-out

On February 10, Bleeping Computer wrote that Microsoft will begin ...