
AdLoad Malware 2021 Samples Skate Past Apple XProtect
2021-08-12 17:32

A swelling wave of AdLoad malware infections in macOS devices is cresting its way past Apple's on-device malware scanner, researchers said.

AdLoad is a well-known Apple threat that's been circulating for years.

"This year we have seen another iteration that continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," Phil Stokes, researcher at SentinelOne's SentinelLabs, said in a Wednesday posting.

"Typically, we observe that developer certificates used to sign the droppers are revoked by Apple within a matter of days of samples being observed on VirusTotal, offering some belated and temporary protection against further infections by those particular signed samples by means of Gatekeeper and OCSP signature checks," Stokes said.

SentinelLabs' researchers observed the latest AdLoader samples used in campaigns starting as early as November of last year, but it wasn't until this summer - July and August in particular - that the volume of attacks and samples began to tick up sharply.

"It certainly seems possible that the malware developers are taking advantage of the gap in XProtect. At the time of writing, XProtect was last updated to version 2149 around June 15 - 18," Stokes said, adding that the malware does have a high detection rate in VirusTotal.


News URL

https://threatpost.com/adload-malware-apple-xprotect/168634/

Related vendor

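| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Apple  |          | 68         | 212 | 1433   | 2208 | 257      | 4110        |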