According to security firm SentinelOne, a nasty strain of Mac malware known as AdLoad has reappeared and is blitzing through macOS’ built-in defenses.
SentinelOne claims to have seen more than 150 new AdLoad strains since November of last year, with “a dramatic surge throughout July and in especially the early weeks of August 2021.”
Because the malware is signed with an Apple developer certificate, many of the new strains slip past Apple’s Gatekeeper checks, which screen downloaded software before it is allowed to run.
They also get past Apple’s XProtect malware scanner, because many AdLoad strains don’t match any profile in its signature database. Some are even notarized, which gets them past Apple’s newest tier of protection.
“The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices,” says SentinelOne.
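The three checks described above (a Developer ID signature, XProtect's signature database and notarization) can all be inspected by hand on a Mac with Apple's `codesign -dvvv App.app 2>&1` and `spctl -a -vv -t execute App.app`. The script below is an added example, not SentinelOne's or Apple's code: it parses the text those two commands print and sorts an installer into block / review / pass, with a separate block list for team IDs an administrator no longer trusts (Apple's own revocations, described later in the article, have the same effect). The sample outputs embedded in it are constructed to mimic the real command output; the team IDs, developer names and paths are placeholders, not AdLoad indicators.

```python
"""Triage a macOS installer's signing and notarization state from codesign/spctl output.

Added example, not SentinelOne's or Apple's code. The SAMPLE_* strings below are
constructed to mimic the real formats of `codesign -dvvv` (which prints to stderr)
and `spctl -a -vv -t execute`; team IDs and names are placeholders.
"""
import re

# Constructed placeholder: team IDs an admin has decided to block (for example ones
# Apple has already revoked). Not real AdLoad identifiers.
BLOCKED_TEAM_IDS = {"REVOKED0001"}

AUTHORITY_RE = re.compile(r"^Authority=(.*)$", re.M)
TEAM_RE = re.compile(r"^TeamIdentifier=(\S+)$", re.M)
SOURCE_RE = re.compile(r"^source=(.*)$", re.M)
VERDICT_RE = re.compile(r"^(?P<path>.+): (?P<verdict>accepted|rejected)\s*$", re.M)


def parse_codesign(out: str) -> dict:
    """Pull the certificate chain and team ID out of `codesign -dvvv` output."""
    authorities = [a.strip() for a in AUTHORITY_RE.findall(out)]
    team = TEAM_RE.search(out)
    leaf = authorities[0] if authorities else None  # first Authority= line is the leaf cert
    return {
        "signed": bool(authorities),
        "leaf_authority": leaf,
        "team_id": team.group(1) if team else None,
        "developer_id": bool(leaf and leaf.startswith("Developer ID Application:")),
        "apple_root": "Apple Root CA" in authorities,
    }


def parse_spctl(out: str) -> dict:
    """Pull Gatekeeper's verdict and its reason (source=) out of `spctl -a -vv` output."""
    verdict = VERDICT_RE.search(out)
    source = SOURCE_RE.search(out)
    src = source.group(1).strip() if source else ""
    return {
        "accepted": bool(verdict and verdict.group("verdict") == "accepted"),
        "source": src,
        "notarized": src.startswith("Notarized"),  # e.g. "Notarized Developer ID"
    }


def triage(codesign_out: str, spctl_out: str, blocked=BLOCKED_TEAM_IDS) -> dict:
    """Combine both outputs into a block / review / pass decision with reasons."""
    cs, sp = parse_codesign(codesign_out), parse_spctl(spctl_out)
    block, review, notes = [], [], []
    if not cs["signed"]:
        block.append("unsigned")
    elif not cs["apple_root"]:
        block.append("signature not chained to Apple Root CA")
    if cs["team_id"] and cs["team_id"] in blocked:
        block.append(f"team {cs['team_id']} is on the block list")
    if not sp["accepted"]:
        block.append(f"Gatekeeper rejects it (source={sp['source'] or 'unknown'})")
    if cs["developer_id"] and not sp["notarized"]:
        review.append("Developer ID signed but not notarized")
    if not block and sp["accepted"]:
        # A passing assessment only proves Apple issued the certificate; the article's
        # point is that AdLoad ships with exactly such certificates, so keep looking.
        notes.append(f"passes Gatekeeper; confirm team {cs['team_id']} is a developer you trust")
    level = "block" if block else ("review" if review else "pass")
    return {"level": level, "reasons": block + review, "notes": notes,
            "team_id": cs["team_id"], "leaf_authority": cs["leaf_authority"],
            "notarized": sp["notarized"]}


def _codesign_sample(name: str, team: str) -> str:
    """Constructed `codesign -dvvv` output for a Developer ID signed app."""
    return (f"Executable=/Volumes/Installer/{name}.app/Contents/MacOS/{name}\n"
            f"Identifier=com.example.{name.lower()}\n"
            "Format=app bundle with Mach-O universal (x86_64 arm64)\n"
            "CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded\n"
            f"Authority=Developer ID Application: Example Dev ({team})\n"
            "Authority=Developer ID Certification Authority\n"
            "Authority=Apple Root CA\n"
            "Timestamp=1 Aug 2021 at 10:00:00\n"
            f"TeamIdentifier={team}\n")


SAMPLE_CS_NOTARIZED = _codesign_sample("Update", "ABCDE12345")
SAMPLE_SP_NOTARIZED = ("Update.app: accepted\nsource=Notarized Developer ID\n"
                       "origin=Developer ID Application: Example Dev (ABCDE12345)\n")
SAMPLE_CS_UNNOTARIZED = _codesign_sample("Helper", "FGHIJ67890")
SAMPLE_SP_UNNOTARIZED = ("Helper.app: rejected\nsource=Unnotarized Developer ID\n"
                         "origin=Developer ID Application: Example Dev (FGHIJ67890)\n")
SAMPLE_CS_UNSIGNED = "Tool.app: code object is not signed at all\n"
SAMPLE_SP_UNSIGNED = "Tool.app: rejected\nsource=no usable signature\n"

if __name__ == "__main__":
    for cs, sp in [(SAMPLE_CS_NOTARIZED, SAMPLE_SP_NOTARIZED),
                   (SAMPLE_CS_UNNOTARIZED, SAMPLE_SP_UNNOTARIZED),
                   (SAMPLE_CS_UNSIGNED, SAMPLE_SP_UNSIGNED)]:
        print(triage(cs, sp))
```

On a real Mac, feed the script the captured output of the two commands (remember that `codesign -d` writes to stderr, hence the `2>&1`). The decision deliberately never treats "pass" as proof of safety: a notarized, Developer ID signed installer is exactly what the article says AdLoad now looks like, so the team ID and the developer behind it still have to be checked, and adding a team ID to the block list is the local equivalent of Apple revoking the certificate.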
What you can do to protect yourself
To combat this, you’ll need one of the best Mac antivirus applications, as Apple’s own precautions aren’t always enough.
In theory, you can prevent an AdLoad infection by refusing to give the malware your admin password when it starts its installation process.
But, like other Mac malware, it will try to trick you into allowing the install by claiming that your password is needed for some other reason. AdLoad installers, for example, are frequently disguised as Adobe Flash Player installers, according to earlier SentinelOne research.
How AdLoad works
AdLoad makes money by redirecting your web traffic. It hijacks your browser’s search results and sends them to sites that may pay AdLoad a fee, and it injects its own adverts on top of legitimate web ads.
Although this isn’t the worst type of malware to have, AdLoad also burrows into the operating system to make itself harder to remove. And once a middleweight Mac threat like this has a foothold on your laptop, there’s no telling what more dangerous infections might follow.
According to the report, Apple has begun revoking developer certificates as soon as it detects an AdLoad strain, but “new samples signed with fresh certificates appear within a matter of hours and days.”