Adload Malware Variant Bypass Apple Security To Target Devices


Apple users need to be wary of a new security threat active in the wild. Identified as an Adload variant, the new malware remains undetected by Apple’s security checks. The malware can reach target devices via various means, after which it sneakily harvests device information.

New Adload Malware Variant Evades Apple Security

Researchers from SentinelLabs have discovered a new Adload malware variant actively targeting Apple devices in recent campaigns. Specifically, the years-old Adload malware, which first emerged in 2017, has evolved to bypass current Apple defenses.

Adload is typical adware that hijacks search engine results and injects ads in web pages viewed by users.

Briefly, the malware reaches the target devices via different fake apps, after which it gains persistence on the device. For this, it drops numerous malicious executables with extensions “.system” or “.service” to gain persistence in the device’s Library LaunchAgents folder.

The malware then drops other files, including tracker, and strives to gain root access by requesting privileges. If granted, the malware then keeps harvesting device data.

Adload Evolves To Bypass Security

As elaborated in their blog post, the researchers have spotted more than 150 unique samples in this year’s campaigns. Some of these are even potent enough to evade Apple’s App Notarization. Whereas, on macOS, the malware variant can bypass XProtect – Apple’s built-in security mechanism. Although, XProtect does provide security against the older Adload variants.

Though, the tech giant frequently monitors to revoke any suspicious developer certificates. Yet, it might take some hours or days to detect the malware. Hence, the malware manages to infect a considerable number of devices during this time.

While the slow detection rate relates to the swift evolution of the malware, the researchers also explain how XProtect’s delayed updates are further contributing to it. As stated,

It certainly seems possible that the malware developers are taking advantage of the gap in XProtect, which itself has not been updated since a few weeks… At the time of writing, XProtect was last updated to version 2149 around June 15th –…

Source…