Adload

Malware Profile Updated 3 months ago
AdLoad is a stealthy and pervasive Trojan, part of the AdLoad family of threats, that infiltrates macOS systems and installs adware and potentially harmful applications without the user's knowledge. It is one of the largest known adware strains targeting macOS, which indicates that users of these devices are a lucrative target for the adversaries behind it. The malware is known for deceptive tactics such as the "Adobe Flash Player is out of date" browser scam, which tricks users into downloading and installing unwanted applications.

Last week, it was revealed that roughly 10,000 macOS systems had been turned into proxy exit nodes by AdLoad, some of which may have been repurposed after being infected with the adware. The researchers believe that AdLoad might be running a pay-per-install campaign, monetizing access to the infected macOS systems by deploying a legitimate proxy application on them. This activity likely represents AdLoad's method of counting the number of infected systems, supporting its monetization scheme. The company's report continues a previous study by AT&T Alien Labs on Mac systems turned into proxy exit nodes by AdLoad, which suggested that macOS machines compromised by AdLoad are being corralled into a giant residential proxy botnet.

The widespread nature of AdLoad, which has potentially infected thousands of devices worldwide, underscores the need for vigilant cybersecurity measures among macOS users.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor, Proxy, Malware, macOS, Scam, Trojan, Firefox, Safari, Beacon, Botnet, Chrome, Payload, Dropper
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Fiberopticjoin | Unspecified | 1 | FiberOpticJoin, also known as Trojan.Adload, is an aggressive variant of the AdLoad adware that primarily targets macOS devices. This malware uses stealthy backdoor elements to infiltrate systems and disrupt operations. It spreads mainly by deceiving users into unintentionally installing the softwar |
| Essentialplatform | Unspecified | 1 | EssentialPlatform is a malicious software (malware) that primarily targets Mac systems, posing significant threats due to its persistent nature and potential for causing system disruptions. This malware belongs to the AdLoad threat family, known for creating adware designed to display an excessive n |
| Designationdrive | Unspecified | 1 | DesignationDrive is a persistent malware threat that primarily targets Mac systems. It belongs to the AdLoad family of threats and is also known as Trojan.Adload. This malicious software is designed to exploit and damage your computer or device, typically infiltrating your system through suspicious |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the AdLoad malware was read from the documents listed below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | ProxyNation: The dark nexus between proxy apps and malware - Cybersecurity Insiders |
| CERT-EU | a year ago | TradeAero Mac Adware - Removal Guide |
| CERT-EU | a year ago | All the Mac malware we know about |
| CERT-EU | 9 months ago | System Error: Click Here to Renew Norton Pop-up Mac Removal |
| CERT-EU | a year ago | Jamf Threat Labs subverts iPhone security with fake Airplane Mode |
| CERT-EU | a year ago | Massive 400,000 proxy botnet built with stealthy malware infections |
| DARKReading | 6 months ago | macOS Malware Campaign Showcases Novel Delivery Technique |
| CERT-EU | 7 months ago | ActivityCachefld Will Damage Your Computer Mac - Removal |
| CERT-EU | 8 months ago | Nbp Virus App Mac - Removal Guide [Fix] |
| CERT-EU | 8 months ago | Ryderd Will Damage Your Computer - Removal Guide [5 Mins] |
| CERT-EU | a year ago | EssentialPlatform Virus - Mac Removal Guide |
| CERT-EU | a year ago | FiberOpticJoin Mac Ads Virus Removal [Guide] |
| CERT-EU | a year ago | ExperienceSys Virus - Mac Removal Guide |
| CERT-EU | a year ago | Remove OpticalFraction Mac Virus [Fix Guide] |
| CERT-EU | a year ago | Thousands of Systems Turned Into Proxy Exit Nodes via Malware |
| Securityaffairs | a year ago | A massive campaign delivered a proxy server application to 400,000 Windows systems |
| CERT-EU | a year ago | DesignationDrive Virus Mac Removal Guide |
| CERT-EU | a year ago | Thousands of Systems Turned Into Proxy Exit Nodes via Malware |
| CERT-EU | a year ago | This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers |
| CERT-EU | a year ago | Mac systems turned into proxy exit nodes by AdLoad \| IT Security News |