macOS is targeted by emerging malware variants

Aug 16, 2021 16:16 GMT

Several new variants of AdLoad, a well-known macOS adware family that has spawned some 150 distinct samples in the wild this year alone, are being used in fresh attacks against macOS, according to The Hacker News.

The most sophisticated versions of AdLoad get past Apple's built-in malware scanner, and some were even signed with valid Apple-issued developer certificates, showing how actively the operators keep adapting. Like Shlayer, AdLoad is known for slipping past XProtect and then dropping further malicious payloads onto the infected Mac.

The new AdLoad variant uses persistence agent and executable names that follow a particular file-extension pattern, which lets it sidestep Apple's additional safeguards. The infection chain starts with a malicious dropper that masquerades as a fake Player.app and ends with a persistence agent being installed on the system.
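One practical response to the behaviour described above is to hunt for launchd persistence entries whose program looks wrong. The script below is an added example, not code from the report or from SentinelOne: it parses LaunchAgent/LaunchDaemon plists and flags entries whose executable carries a file extension (Mach-O binaries normally have none), sits in a hidden directory or outside trusted locations, or combines RunAtLoad with KeepAlive. The heuristics, the `DOTTED_NAME` regex and the sample plists are all assumptions constructed for the demo, not real AdLoad artifacts.

```python
"""Hunt macOS launchd plists for suspicious persistence entries (added example)."""
import os
import plistlib
import re
import tempfile

# Assumed heuristic: macOS executables normally have no extension, so a
# program name such as "Something.service" is worth a second look.
DOTTED_NAME = re.compile(r"^[^.].*\.[A-Za-z0-9]+$")
# Assumed allow-list of locations where a launchd program is expected to live.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")


def program_path(plist):
    """Return the executable a launchd plist runs (Program or ProgramArguments[0])."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def assess(plist):
    """Return the reasons an entry looks suspicious; an empty list means nothing flagged."""
    reasons = []
    exe = program_path(plist)
    if exe is None:
        return ["no Program/ProgramArguments key"]
    name = os.path.basename(exe)
    if DOTTED_NAME.match(name):
        reasons.append(f"executable name has a file extension: {name}")
    if any(part.startswith(".") for part in exe.split("/")[:-1]):
        reasons.append("executable lives in a hidden directory")
    if not exe.startswith(TRUSTED_PREFIXES):
        reasons.append(f"executable outside trusted locations: {exe}")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive (classic persistence combination)")
    return reasons


def scan_dir(directory):
    """Parse every .plist in directory and return {filename: [reasons]} for flagged ones."""
    findings = {}
    for fn in sorted(os.listdir(directory)):
        if not fn.endswith(".plist"):
            continue
        path = os.path.join(directory, fn)
        try:
            with open(path, "rb") as f:
                plist = plistlib.load(f)
        except (plistlib.InvalidFileException, ValueError) as exc:
            findings[fn] = [f"unparseable plist: {exc}"]
            continue
        reasons = assess(plist)
        if reasons:
            findings[fn] = reasons
    return findings


def demo():
    """Write two constructed sample plists (not real malware) and scan them."""
    tmp = tempfile.mkdtemp()
    benign = {
        "Label": "com.example.benign",
        "ProgramArguments": ["/usr/bin/true"],
        "RunAtLoad": True,
    }
    suspect = {  # constructed: hidden dir under the user's home, dotted name, keep-alive
        "Label": "com.Player.service",
        "ProgramArguments": ["/Users/me/Library/Application Support/.3hsd9/Player.service", "-s"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for name, data in (("com.example.benign.plist", benign), ("com.Player.service.plist", suspect)):
        with open(os.path.join(tmp, name), "wb") as f:
            plistlib.dump(data, f)
    return scan_dir(tmp)


if __name__ == "__main__":
    for fn, reasons in demo().items():
        print(fn)
        for r in reasons:
            print("  -", r)
```

On a real Mac, point `scan_dir` at `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`; anything it flags still needs manual triage, since legitimate third-party agents also run from user-writable paths.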

Apple faces a tremendous task with macOS malware 

Phil Stokes, a security researcher at SentinelOne, wrote in the report that "In late 2019, SentinelLabs described how AdLoad was continuing to adapt and evade detection, and this year we have seen another iteration that continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," adding that XProtect currently has about 11 different signatures for AdLoad adware.

SentinelOne says that fresh samples signed with new certificates keep turning up within hours or days of earlier ones being blocked, calling it a "game of Whack-a-Mole." The first samples of this new variant reportedly surfaced in November 2020, appeared regularly throughout the first half of 2021, and then spiked sharply in July and especially in the first weeks of August 2021. The researcher concluded that, as Apple itself has acknowledged elsewhere, macOS malware presents a difficult challenge for the company.

That hundreds of samples of a prevalent adware strain could circulate for at least ten months before Apple's built-in scanner caught up with them shows why Mac endpoints need security monitoring beyond XProtect alone.