Adload Case

Adload is one of several adware and bundleware loaders that have targeted macOS since 2017. Adload is capable of backdooring affected systems to download and install adware and unwanted programs. It is known to bypass XProtect and infect Macs with other malicious payloads. Adload uses a different file extension pattern (.system or .service), eventually installing a persistent agent that triggers an attack chain to deploy droppers that are fake player apps.

 

Best,

Bingo

 

References:

https://thehackernews.com/2021/08/new-adload-variant-bypasses-apples.html

https://illinoisnewstoday.com/new-adload-malware-variant-bypasses-apples-xprotect-defenses/343729/

https://threatpost.com/adload-malware-apple-xprotect/168634/