New AdLoad malware variant evades Apple’s XProtect defenses
Cybersecurity firm SentinelOne identified a new AdLoad malware that is capable of bypassing Apple’s XProtect built-in antivirus to infect Macs as part of multiple campaigns.
SentinelOne is an American cybersecurity firm based in California. The platform delivers the defenses needed to avoid, detect and undo known and unknown threats.
Since 2017, AdLoad, a widespread Trojan, is targeting the macOS platform, which is a graphical OS developed by Apple in 2001 and used in Apple’s Mac computer. AdLoad is used to position multiple malicious payloads, which include adware and Potentially Unwanted Applications (PUAs), along with amassing and transmitting information about infected machines.
Also Read: Android Trojan compromises Facebook Accounts
As per the threat researcher at SentinelOne, Phil Stokes, these attacks started in November last year and have taken the front seat increasing activities in July and August this year.
The mechanism involves the AdLoad to install a Man-in-The-Middle (MiTM) web proxy once it infects the Mac. This will allow it to hijack search engine results, injecting advertisements into web pages, giving monetary benefits.
Along with this, it will gain persistence on affected Macs through LaunchAgents, LaunchDaemons, and user cronjobs that run every two and a half hours.
The researcher also pointed out that while analyzing the campaign, he observed 220-plus samples where 150 of them were unique and unidentified by Apple’s antivirus.
AdLoad, alongside Shlayer, is among the malware clan known to bypass XProtect and infect Macs. In April this year, Apple addressed another zero-day flaw in its Gatekeeper service (CVE-2021-30657) which was abused to deploy software on Macs by the Shlayer operators.
In light of this dangerous finding, Stoke emphasized on adding further security controls to Mac devices. This is because hundreds of samples of the adware variant have been circulating for around 10-months and are undetected by Apple’s malware scanner. Stoke also pointed out that malware on macOS is an issue that manufacturers are striving to cope up with.
