Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

macOS Adload Pivots Just Days After Apple’s XProtect Clampdown

May 2, 2024, 11:13 a.m.

Description

The report analyzes a new variant of the Adload adware that evades Apple's recent XProtect malware signature updates. Despite Apple adding 74 new rules targeting Adload in XProtect version 2192, the adware authors have rapidly modified their code to bypass these detections. The report examines a specific 4.55MB Intel x86_64 dropper sample that employs Go language components and connects to hardcoded domains for retrieving next-stage payloads. While undetected by most antivirus engines on VirusTotal, SentinelOne's multi-engine platform effectively identifies and blocks this Adload variant.

Date

Published: May 1, 2024, 8 p.m.

Created: May 1, 2024, 8 p.m.

Modified: May 2, 2024, 11:13 a.m.

Indicators

api.validexplorer.com

api.searchwebmesh.com

api.operativeeng.com

api.navigationbuffer.com

api.lookwebresults.com

api.launchelemnt.com

api.inetprogress.com

api.generalmodules.com

api.deployquest.com

api.buffermanager.com

api.availablemac.com

Attack Patterns

Adload

Adload

T1082