
New AdLoad malware variant slips through Apple's XProtect defenses
2021-08-11 13:00

A new AdLoad malware variant is slipping past XProtect, Apple's built-in antivirus that relies on YARA signatures, to infect Macs as part of multiple campaigns tracked by SentinelOne security researchers.

While monitoring this campaign, the researchers observed more than 220 samples, 150 of them unique and undetected by Apple's built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

"At the time of writing, XProtect was last updated around June 15th. None of the samples we found are known to XProtect since they do not match any of the scanner's current set of Adload rules," SentinelOne concluded.
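The detection gap described above follows directly from how a signature scanner works: a rule fires only when enough of its byte patterns appear in a file, so a variant whose artifacts were renamed is simply invisible to the current rule set. The following toy YARA-style matcher is an added illustration, not XProtect's code and not SentinelOne's tooling; the rule, the sample bytes and the family name are constructed for this example and are not real AdLoad signatures. It also shows how a triage count of "total, unique, unique-but-undetected" samples is produced, which is the kind of figure quoted in the article.

```python
"""
Toy signature scanner: why a renamed variant slips past an unchanged rule set.

A rule is a set of byte patterns plus a threshold (YARA's "N of them").
Everything below (rule, family name, sample bytes) is constructed for this
illustration and does not represent Apple's XProtect rules or real malware.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    strings: dict   # identifier -> byte pattern, as in a YARA 'strings:' section
    min_hits: int   # YARA condition "min_hits of them"

    def matches(self, data: bytes) -> bool:
        hits = sum(1 for pat in self.strings.values() if pat in data)
        return hits >= self.min_hits


# Constructed rule set standing in for a scanner's currently shipped signatures.
RULES = [
    Rule(
        "toy_adware_family_a",
        {
            "$s1": b"/Library/Application Support/.helper",
            "$s2": b"launchctl load",
            "$s3": b"com.example.adware.plist",
        },
        min_hits=2,
    ),
]


def scan(sample: bytes, rules=RULES) -> list:
    """Return the names of rules that fire on the sample (empty list = undetected)."""
    return [r.name for r in rules if r.matches(sample)]


def dedupe(samples) -> dict:
    """Collapse samples to unique files keyed by SHA-256, as triage does before counting."""
    unique = {}
    for s in samples:
        unique.setdefault(hashlib.sha256(s).hexdigest(), s)
    return unique


def coverage(samples, rules=RULES) -> dict:
    """Count total, unique, and unique-but-undetected samples against a rule set."""
    unique = dedupe(samples)
    undetected = [h for h, s in unique.items() if not scan(s, rules)]
    return {"total": len(samples), "unique": len(unique), "undetected_unique": len(undetected)}


# Constructed samples: an older variant the rule still catches, a newer variant
# whose helper path and launchctl verb were changed, and a duplicate of the new one.
OLD_VARIANT = b"... /Library/Application Support/.helper ... launchctl load ..."
NEW_VARIANT = b"... /Library/Application Support/.svc ... launchctl bootstrap ..."
SAMPLES = [OLD_VARIANT, NEW_VARIANT, NEW_VARIANT]

if __name__ == "__main__":
    print(scan(OLD_VARIANT))   # ['toy_adware_family_a']
    print(scan(NEW_VARIANT))   # []
    print(coverage(SAMPLES))   # {'total': 3, 'unique': 2, 'undetected_unique': 1}
```

The old variant hits two of three patterns and is flagged; the new one hits none, so the rule set's coverage of this family drops to zero until a rule for the new artifacts ships. That lag is the point of the SentinelOne observation: a static rule set only closes the gap as fast as it is updated, which is why defenders pair signature scanning with behavioural telemetry (persistence writes, unexpected launch agents) rather than relying on XProtect alone.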

To put things into perspective, Shlayer, another common macOS malware strain that has also bypassed XProtect to infect Macs with additional malicious payloads, has hit over 10% of all Apple computers monitored by Kaspersky.

Shlayer's creators also got their malware through Apple's automated notarization process and built in the ability to disable the Gatekeeper protection mechanism so that unsigned second-stage payloads could run.

"Today, we have a level of malware on the Mac that we don't find acceptable and that is much worse than iOS," said Craig Federighi, Apple's head of software, under oath while testifying in the Epic Games vs. Apple trial in May.

News URL

https://www.bleepingcomputer.com/news/apple/new-adload-malware-variant-slips-through-apples-xprotect-defenses/