New AdLoad Malware Can Bypass Apple’s XProtect Defenses

American cybersecurity firm SentinelOne has traced a new form of AdLoad malware that is slipping through Apple’s built-in antivirus technology XProtect in a series of campaigns targeting Macs.

A well-known trojan that has been targeting the macOS platform since at least late 2017, AdLoad has been used to deliver several malicious payloads, including adware and Potentially Unwanted Applications (PUA).

The malware is also capable of harvesting system information that later gets sent to remote servers controlled by its operators.

These large-scale, ongoing attacks have been running since November 2020, according to SentinelOne threat researcher Phil Stokes, with increased activity in July and the beginning of August.

After infecting a Mac, AdLoad installs a person-in-the-middle web proxy to take over search engine results and inject advertisements into web pages for financial gain.
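Because the article's point is that signature-based XProtect misses these samples, a defender can instead look for the behaviour: a system-wide web proxy that nobody configured. The following is an added example, not code from the article or from SentinelOne; it parses the output of macOS `networksetup -getwebproxy` / `-getsecurewebproxy` and flags any enabled proxy that is not on an allowlist (the allowlist entry and the sample output are constructed placeholders).

```python
"""Flag unexpected system-wide HTTP/HTTPS proxies on macOS (added example)."""
import shutil
import subprocess

# Proxies the organisation actually deploys; anything else is worth a look.
ALLOWED_PROXIES = {("proxy.corp.example", 3128)}  # placeholder allowlist

# Constructed sample of `networksetup -getwebproxy Wi-Fi` output, for offline use.
SAMPLE_OUTPUT = "Enabled: Yes\nServer: 127.0.0.1\nPort: 8080\nAuthenticated Proxy Enabled: 0\n"


def parse_webproxy(text: str) -> dict:
    """Parse the key/value lines printed by networksetup -get(secure)webproxy."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return {
        "enabled": fields.get("Enabled", "No") == "Yes",
        "server": fields.get("Server", ""),
        "port": int(fields.get("Port", "0") or 0),
    }


def is_unexpected(proxy: dict) -> bool:
    """An enabled proxy that is not on the allowlist should be investigated."""
    return proxy["enabled"] and (proxy["server"], proxy["port"]) not in ALLOWED_PROXIES


def list_services() -> list:
    """Network services known to networksetup (first output line is a banner)."""
    out = subprocess.run(["networksetup", "-listallnetworkservices"],
                         capture_output=True, text=True, check=True).stdout
    return [s.lstrip("*") for s in out.splitlines()[1:] if s.strip()]


def scan_live() -> list:
    """Query every service for both HTTP and HTTPS proxy settings."""
    findings = []
    for service in list_services():
        for flag in ("-getwebproxy", "-getsecurewebproxy"):
            out = subprocess.run(["networksetup", flag, service],
                                 capture_output=True, text=True).stdout
            proxy = parse_webproxy(out)
            if is_unexpected(proxy):
                findings.append((service, flag, proxy["server"], proxy["port"]))
    return findings


if __name__ == "__main__":
    if shutil.which("networksetup"):  # only meaningful on macOS
        for finding in scan_live():
            print("unexpected proxy:", finding)
    else:
        print("offline check:", is_unexpected(parse_webproxy(SAMPLE_OUTPUT)))
```

Pair this with a review of per-user LaunchAgents and Safari/Chrome extensions, since a proxy entry alone does not say what installed it.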

As the researcher closely observed the campaign, he detected more than 220 samples, 150 of them unique and still undetected by Apple’s built-in antivirus system, even though XProtect now ships with almost a dozen AdLoad signatures.

While AdLoad currently deploys only adware and bundleware as secondary payloads, its operators could choose to deliver more dangerous malware, including ransomware or wipers, at any time.

The fact that hundreds of samples of a well-known adware family have circulated for at least 10 months undetected by Apple’s built-in malware defenses highlights the need to tighten the security of Mac devices by adding further endpoint security controls.

Read the original article here: www.bleepingcomputer.com/news/apple/new-adload-malware-variant-slips-through-apples-xprotect-defenses