A new variant of the notorious Adload malware has been discovered, demonstrating the ability to bypass the latest updates to Apple’s built-in antivirus software, XProtect. Despite Apple’s recent efforts to strengthen its defenses against malware, which included adding 84 new rules to the XProtect signature list, this variant has quickly adapted to evade these measures. This development highlights the ongoing challenge faced by cybersecurity defenses in keeping up with the adaptability and sophistication of malware authors.
Apple’s security team had significantly updated XProtect, implementing 74 new rules in version 2192 and an additional 10 in version 2193 released on April 30th. These updates were specifically aimed at combating the persistent threat of Adload adware, which has been known to affect macOS devices. However, the new versions of Adload have already shown the ability to evade detection by XProtect and other antivirus engines available on VirusTotal, underscoring the dynamic nature of cyber threats.
As the week progressed, it became evident that the new Adload samples were increasingly capable of bypassing not only Apple’s XProtect but also the detection mechanisms of various other antivirus products listed on VirusTotal. This suggests an alarming enhancement in the malware’s evasion capabilities. Initially, many samples were detected by various antivirus engines, but newer samples began to show near-total evasion, highlighting the sophistication of the malware’s latest iteration.
Among the new variants of Adload, one particular version compiled solely for the Intel x86_64 architecture exhibited almost complete detection evasion, with zero or only one detection occurring among the VirusTotal engines. This variant acts primarily as an initial dropper for further payloads, with no clear parent executable, application, or disk image, which suggests it might be distributed through cracked or trojanized applications. These samples also contained a unique custom domain consistent with known Adload patterns, indicating a sophisticated and organized method of distribution employed by its authors.
