"New AdLoad Malware Bypasses Apple's XProtect and Infects macOS Devices"

Security researchers at Sentinel Labs have discovered a new AdLoad malware variant targeting Apple devices. They observed more than 150 distinct samples belonging to a new campaign that Apple's on-device malware scanner, XProtect, still failed to detect. AdLoad is adware that hijacks the user's web browsers and routes their traffic through servers of the attacker's choosing, so that the operators profit from the redirected traffic. According to the researchers, both the 2019 and 2021 AdLoad variants use consistent naming patterns for their persistence files and executables. In 2019, the names combined the words "Search," "Result," and "Daemon." The 2021 variant instead relies mostly on a file extension, either ".system" or ".service", chosen according to where the persistence file and executable are dropped. Both ".system" and ".service" artifacts will typically be found on the same infected device if the user granted the installer privileges; whether or not privileges are granted, AdLoad still installs a persistence agent in the user's Library LaunchAgents folder. The researchers found about 50 unique label patterns, each of which has a ".service" and a ".system" version. This article continues to discuss the history of AdLoad malware and the new variant targeting Apple devices.

ITPro reports "New AdLoad Malware Bypasses Apple's XProtect and Infects macOS Devices"
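The label pattern described above gives a defender something concrete to hunt for. The following shell script is an added example written for this page, not code from ITPro or Sentinel Labs: it reads the Label of each launchd property list under the directories it is given and reports those whose label ends in ".service" or ".system". The directory paths, the plist layout and the sample files it builds are constructed here so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the ITPro article or Sentinel Labs): hunt for launchd
# property lists whose Label ends in ".service" or ".system", the naming pattern
# the summary attributes to the 2021 AdLoad variant. The sample tree built by
# make_sample_tree is constructed data; the labels in it are hypothetical.

# Print the <string> that follows the <key>Label</key> entry of an XML plist.
# The file is folded onto one line so the key and its value match together.
plist_label() {
    tr -d '\n' < "$1" |
        sed -n 's/.*<key>Label<\/key>[[:space:]]*<string>\([^<]*\)<\/string>.*/\1/p'
}

# Print "path<TAB>label" for every plist under the given directories whose
# Label ends in .service or .system. Missing directories are skipped.
find_adload_style_labels() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue
            label=$(plist_label "$f")
            case "$label" in
                *.service|*.system) printf '%s\t%s\n' "$f" "$label" ;;
            esac
        done
    done
}

# Write a minimal launchd plist with the given path ($1) and Label ($2).
write_plist() {
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$2</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
}

# Build a constructed sample tree under a temp dir: one ".service" agent, one
# ".system" daemon and one benign agent. Prints the root so callers can scan it.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/Library/LaunchAgents" "$root/Library/LaunchDaemons"
    write_plist "$root/Library/LaunchAgents/com.example.agent.plist" "com.example.agent.service"
    write_plist "$root/Library/LaunchDaemons/com.example.daemon.plist" "com.example.daemon.system"
    write_plist "$root/Library/LaunchAgents/com.vendor.updater.plist" "com.vendor.updater"
    printf '%s\n' "$root"
}

# With directories as arguments, scan them; with none, scan the sample tree.
if [ "$#" -gt 0 ]; then
    find_adload_style_labels "$@"
else
    sample=$(make_sample_tree)
    find_adload_style_labels "$sample/Library/LaunchAgents" "$sample/Library/LaunchDaemons"
fi
```

On a real host, point it at ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons. A match on the suffix alone is a lead to triage (check the referenced program path and its signature), not proof of infection, and the label extraction handles XML plists only; binary plists must first be converted with `plutil -convert xml1`.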
