Adload

Malware updated a month ago (2024-11-29T14:25:25.639Z)
AdLoad, first discovered in 2018, is a family of ad-injection malware that primarily targets Mac users. It inundates users with pop-up ads and promotional messages and frequently redirects browser traffic to unwanted advertisements. Two variants, the DesignationDrive and EssentialPlatform Mac adware, belong to this threat family. The malware has been observed using deceptive lures such as fake "Update Adobe Flash Player" alerts to trick users into downloading it. Once installed, it modifies browser settings in Mozilla Firefox, Google Chrome, Internet Explorer, and Safari, disrupting the user's web experience with intrusive ads.

The AdLoad dropper was notably notarized by Apple and used a Gatekeeper bypass, which significantly increases its potential for damage. That finding prompted further investigation, described in a blog post by AT&T Cybersecurity, which revealed that infected Mac systems were being turned into proxy exit nodes by AdLoad.

AdLoad's activity has been found to closely resemble the HM Surf technique. Microsoft has noted suspicious activity associated with the AdLoad adware that suggests it might be exploiting the HM Surf vulnerability; however, because the steps leading up to that activity were not observed, it cannot be determined with certainty whether the AdLoad campaign is exploiting this vulnerability. Despite this uncertainty, the similarity in method makes protection against attacks using this technique important. Both Microsoft and Apple have been contacted for further comment. In the meantime, macOS users are strongly advised to apply updates promptly to mitigate potential exploitation activity associated with AdLoad.
Description last updated: 2024-10-21T08:32:41.878Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
macOS
Vulnerability
Malware
Microsoft
Proxy
Backdoor