Iru Threat Intelligence

Adload

Written by Iru Team | Nov 25, 2025 8:07:18 PM

Adload is a family of adware that infects macOS systems by masquerading as legitimate software that requests user permissions. Once installed, Adload directs users to unwanted ads, changes browser settings, and can significantly slow the performance of your computer. Adload also puts your privacy at risk by tracking your online activity and installing other harmful programs without the user's permission. Adload is sometimes dropped by the macOS malware Shlayer.

Symptoms

You might observe the following symptoms associated with this threat:

  • Unexpected advertisements appearing on websites where they previously did not.
  • Browser redirects leading to unfamiliar or unwanted webpages.
  • Decreased system performance and increased resource usage.
  • New, unfamiliar applications or browser extensions installed without your consent.
  • Detections of another threat, Trojan: macOS/Shlayer, which is known to drop this threat.

Technical Breakdown

Adload is distributed through applications that pose as legitimate software. Upon execution, the malware may create LaunchAgents or LaunchDaemons to maintain persistence, ensuring the malware runs at every system startup.

Recent variants of Adload have demonstrated the following behaviors:

  • Bypassing Security Measures: Many versions of Adload attempt to disable macOS's Gatekeeper protection, allowing the installation of unsigned applications.
  • Payload Delivery: Adload often serves as a delivery mechanism for additional adware or potentially unwanted applications (PUAs), further compromising system integrity.
  • Data Collection: Adload also collects personal data and browsing history, which can then be sold to third parties.

Notably, certain versions of Adload written in Python have exhibited low detection rates among antivirus engines, indicating ongoing efforts by its developers to evade security software by integrating new techniques.

Next Steps

Kandji Endpoint Detection & Response (EDR) automatically removes detected threats when file monitoring is set to Protect.

While the malicious file is removed, it can leave behind artifacts that need to be cleaned manually.
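To support the manual cleanup above, and because the persistence described in the Technical Breakdown relies on LaunchAgents and LaunchDaemons, the following added example (not Iru's or Kandji's code) lists launchd jobs that deserve a manual look. The trusted-prefix list and the review reasons are assumptions chosen for illustration, not Adload signatures.

```python
import plistlib
from pathlib import Path
# Standard launchd persistence locations on macOS.
LAUNCH_DIRS = [Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons"),
               Path.home() / "Library/LaunchAgents"]
# Assumption: executables under these prefixes are OS- or vendor-managed.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/")

def program_of(job):
    """Return the executable a launchd job starts, or None."""
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)

def review_reasons(job):
    """Heuristic reasons to inspect a job (assumptions, not Adload signatures)."""
    prog = program_of(job)
    if prog is None:
        return ["no program defined"]
    reasons = []
    if not str(prog).startswith(TRUSTED_PREFIXES):
        reasons.append("program outside trusted prefixes")
    if any(part.startswith(".") for part in Path(prog).parts):
        reasons.append("program in hidden path")
    if not Path(prog).exists():
        reasons.append("program missing on disk (possible leftover artifact)")
    if reasons and job.get("RunAtLoad"):
        reasons.append("RunAtLoad set")
    return reasons

def audit(dirs=LAUNCH_DIRS):
    """Return (plist path, label, program, reasons) for jobs worth reviewing."""
    findings = []
    for plist in sorted(p for d in dirs if Path(d).is_dir() for p in Path(d).glob("*.plist")):
        try:
            with plist.open("rb") as fh:
                job = plistlib.load(fh)
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception as exc:  # unreadable or malformed plist
            findings.append((str(plist), None, None, [f"unparseable: {exc}"]))
            continue
        reasons = review_reasons(job)
        if reasons:
            findings.append((str(plist), job.get("Label"), program_of(job), reasons))
    return findings

if __name__ == "__main__":
    for path, label, prog, reasons in audit():
        print(f"{path}\n  label={label} program={prog}\n  review: {'; '.join(reasons)}")
```

A listed job is a candidate for review, not a confirmed detection; legitimate third-party software also installs launchd jobs outside the trusted prefixes.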

In the future, avoid downloading and installing software from torrent sources or untrusted websites. Ensure that all applications are obtained from official and reputable sources to maintain system integrity and security.