
Adload (Kreberisec, ApolloSearch) – Malware

August 6, 2024

Adload

Type of Malware

Adware

Additional names

Kreberisec, ApolloSearchDaemon, AphroditeResults, NetSignalSearchDaemon, ApolloSearch, and many others.

Country of Origin

Unknown

Date of initial activity

2017

Targeted Countries

Unknown

Motivation

Financial Gain

Attack Vectors

Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.

Targeted System

macOS

Overview

AdLoad is malicious software that targets macOS operating systems. It is adept at evading detection by both built-in macOS security tools and numerous third-party antivirus programs. Additionally, it hinders victims from removing the software from their systems. AdLoad is an adware-type malware that hijacks browsers and forces users to visit potentially malicious websites, allowing cybercriminals to generate revenue. It is also known by various names, including Kreberisec, ApolloSearchDaemon, AphroditeResults, NetSignalSearchDaemon, and ApolloSearch. This adware often includes terms like “SearchDaemon,” “Lookup,” “DataSearch,” and “Results” within its name. AdLoad stores its files in various directories, with some being easily found and others more hidden. However, it can only perform these actions when the victim provides the password of an admin account. According to a recent report by SentinelOne, a new strain of AdLoad malware has been discovered that can bypass the built-in antivirus detection of macOS, posing a significant threat to the security of Mac systems.

Targets

Mac devices.

How they operate

AdLoad malware operates primarily as adware, but it can also exhibit browser hijacking and data-tracking functionalities. Here’s a detailed breakdown of how AdLoad operates:

Adware Operations

  • Displaying Advertisements: AdLoad injects advertisements into web pages that users visit. These ads can appear as pop-ups, banners, or in-text ads, disrupting the user experience. The ads may promote dubious or potentially malicious websites and products, generating revenue for the attackers through ad clicks and impressions.
  • Redirecting Web Traffic: AdLoad can redirect users to specific websites, often without their consent. This increases web traffic to these sites, generating revenue for the attackers through affiliate marketing or pay-per-click schemes.

Browser Hijacking

  • Modifying Browser Settings: AdLoad malware changes browser settings, such as the default search engine, homepage, and new tab page, to promote fake search engines or other sites controlled by the attackers. These modifications are often persistent, meaning they revert back even if the user tries to change them manually.
  • Injecting Malicious Code: AdLoad can inject malicious scripts into web pages, further altering the browsing experience and potentially exposing users to more threats.

Data Tracking

  • Collecting Sensitive Information: AdLoad may track users’ browsing habits, collecting information such as search queries, visited websites, IP addresses, and possibly even login credentials and personal data. This information can be sold to third parties or used for further malicious activities, such as targeted advertising or identity theft.

Persistence Mechanisms

  • Installing LaunchDaemons and LaunchAgents: AdLoad installs files in various system directories, including LaunchDaemons and LaunchAgents folders, ensuring that it runs automatically every time the system is booted. These files are often named similarly to legitimate system files to avoid detection.
  • Creating Cron Jobs: The malware may set up cron jobs to execute tasks periodically, maintaining its presence and re-establishing connections to command-and-control servers.
  • Hiding Components: AdLoad hides its components in obscure or hidden directories, making manual removal difficult. For instance, it may use folders like “/var/root/.mitmproxy” to store malicious files.

Distribution Methods

  • Bundling with Software: AdLoad is often bundled with free software installers from unofficial websites. When users download and install these programs, AdLoad is installed alongside them.
  • Fake Updates: The malware is sometimes distributed through fake software updates, such as bogus Flash Player installers, which trick users into installing the malware.
  • Deceptive Ads: Deceptive pop-up ads that appear on dubious websites can lead users to download and install AdLoad.
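
The persistence mechanisms described above can be triaged with a short script. The following is an added example, not code from the article or its sources: it parses launchd plists under a filesystem root, flags labels or file names containing the name terms quoted in the Overview, and checks for the “/var/root/.mitmproxy” folder. The function names, the sample labels and the per-user `Users/*/Library/LaunchAgents` location are assumptions made for illustration, and cron jobs are not covered.

```python
import os
import plistlib
import re
import tempfile
from pathlib import Path

# Name fragments the article says recur in AdLoad component names. They are
# broad, so a match is a lead for manual review, not a verdict.
NAME_TERMS = re.compile(r"SearchDaemon|Lookup|DataSearch|Results")
# launchd persistence locations, as globs relative to a filesystem root.
LAUNCH_GLOBS = ("Library/LaunchAgents/*.plist", "Library/LaunchDaemons/*.plist",
                "Users/*/Library/LaunchAgents/*.plist")
HIDDEN_DIR = "var/root/.mitmproxy"  # example folder named in the article


def scan_root(root):
    """Return (relative_path, label, reason) tuples for items worth reviewing."""
    root, findings = Path(root), []
    for pattern in LAUNCH_GLOBS:
        for path in sorted(root.glob(pattern)):
            rel = path.relative_to(root).as_posix()
            try:
                label = str(plistlib.loads(path.read_bytes()).get("Label", ""))
            except Exception:  # damaged or non-plist file: report it, keep going
                findings.append((rel, "", "unreadable plist"))
                continue
            if NAME_TERMS.search(label) or NAME_TERMS.search(path.stem):
                findings.append((rel, label, "name term match"))
    if os.path.isdir(root / HIDDEN_DIR):
        findings.append((HIDDEN_DIR, "", "hidden directory present"))
    return findings


def build_sample_root(root):
    """Write a constructed directory tree (not real samples) for the demo."""
    samples = [("Library/LaunchDaemons", "com.ApolloSearchDaemon"),
               ("Library/LaunchAgents", "com.example.backup"),
               ("Users/alice/Library/LaunchAgents", "com.ElementaryDataSearch")]
    for folder, label in samples:
        (Path(root) / folder).mkdir(parents=True, exist_ok=True)
        plist = plistlib.dumps({"Label": label, "RunAtLoad": True})
        (Path(root) / folder / f"{label}.plist").write_bytes(plist)
    (Path(root) / HIDDEN_DIR).mkdir(parents=True, exist_ok=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_root(build_sample_root(tmp)):
            print(finding)
```

On a live Mac, `scan_root("/")` needs to run as root for the `/var/root` check to see anything; without it that check silently reports nothing.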

Variants

AlphaLookup, AphroditeLookup, AphroditeResults, ApolloSearch, AresLookup, ArtemisSearch, BinarySignSearch, CalypsoLookup, DataFormatSearch, DataQuest, ElementaryDataSearch, ElementaryInfoSearch, ElementaryProjectSearch, ExpertCharacterSearch, ExpertModuleSearch, ExpertProjectSearch, FindData, GlobalConsoleSearch, GlobalQuestSearch, GlobalSearchQuest, GoldResults, InetWebSearch, KeyWordsSearch, Kreberisec, LeadingChannelSearch, LeadingSignSearch, LookupTool, MainSignalSearch, MajorChannelSearch, MajorLetterSearch, NetLookupSearch, NetToolboxSearch, OdysseusLookup, OperativeResults, PositiveSearch, PublicAdviseSearch, QuickLookSearches, ResultSearchManager, ResultSync, ResultsSync, SearchAdditionally, SearchArchive, SearchNetCharacter, SearchOptical, SearchQuest, SearchRange, SimpleBoardSearch, SimpleFunctionSearch, SkilledProjectSearch, SmartQuestSearch, SmartWebSearch, Sorimbrsec, TabSearch, TechFunctionSearch, TotalAdviseSearch, UpgradeSearchView, VirtualToolboxSearch, WebSearchStride, PoseidonResults
References:
  • How to avoid installation of AdLoad malware
  • New macOS Adload Malware Bypasses Built-in macOS Antivirus Detection
  • macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown
  • Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect
  • Remove AdLoad Malware From Your Mac (Ultimate Guide)
  • Adware:MacOS/Adload.A
  • Latest macOS Adload variant focuses on detection evasion
  • Trojan.AdLoad