Mac is not well: the platform has been hit by yet another malware, AdLoad

Carding

Congratulations, macOS, you have been successfully attacked... again.

AdLoad is malicious software that has been attacking Mac systems for more than half a decade. It installs a malicious web proxy to intercept traffic and serve targeted ads. AdLoad also acts as a gateway for further downloads: adware, browser extensions, and proxy applications.

Researchers from AT&T Alien Labs discovered a new version of the program in July 2023. After launching, it collects information about the system, including the UUID, and reports it to the command-and-control server. AdLoad then loads the malicious module, disables security features, and runs the proxy in the background. The domains vpnservices[.]live and upgrader[.]live are usually used to download the software.

According to an analysis of more than 150 samples, many devices are already infected. "Alien Labs has identified more than 10,000 IP addresses accessing proxy servers on a weekly basis that have the potential to be exit nodes. It is unclear whether all of these systems are infected or voluntarily offering themselves as proxies, but this may indicate a larger infection on a global scale."

Experts traced the server domains to a company that sells proxy services. According to them, the botnet has been used to send spam, but its main purpose is unclear. Infected Windows devices were also found in the botnet.

Attackers increasingly target macOS as the platform's popularity grows. According to a Jamf survey, 23% of businesses used a Mac as their primary device in 2020. Accenture analysts note that businesses remain vulnerable because too little attention is paid to system security.

In 2022-2023, activity targeting macOS increased significantly, with new tools, exploits, and ransomware appearing. Attackers are increasingly bypassing defences by exploiting blind spots.

AdLoad uses sophisticated methods to hide from antivirus programs and has already been used for DDoS attacks and data theft. Infecting a single computer can cause damage to many users and businesses. Experts recommend using reliable antivirus software, updating the system regularly, and configuring the firewall. They have also provided a set of YARA rules and a list of indicators of compromise, which will help IT professionals identify the threat on corporate devices and act in time.
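The two defanged domains named above (vpnservices[.]live and upgrader[.]live) are the only indicators the post itself gives, and checking internal DNS or proxy logs against them is the quickest way for an IT team to spot a Mac that has talked to the AdLoad infrastructure. The script below is an added example written for this post, not code from Alien Labs or from the post's author: it refangs the indicators, matches hostnames including subdomains (an assumption about how the infrastructure is used), and reports which client addresses queried them. The log lines and the `timestamp client_ip hostname` log format are constructed for the example.

```python
import re
from collections import defaultdict

# Defanged download/C2 domains as reported in the post (AT&T Alien Labs, July 2023).
ADLOAD_DOMAINS_DEFANGED = ["vpnservices[.]live", "upgrader[.]live"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'vpnservices[.]live' or
    'hxxp://upgrader[.]live/path' back into a plain, matchable domain."""
    d = indicator.strip().lower()
    d = d.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    d = re.sub(r"^hxxps?://", "", d)   # defanged scheme, if present
    return d.split("/")[0]             # drop any path component


def domain_matches(hostname: str, bad_domain: str) -> bool:
    """True if hostname is the indicator domain itself or a subdomain of it.
    Subdomain matching is an assumption; 'notupgrader.live' must NOT match."""
    h = hostname.lower().rstrip(".")
    return h == bad_domain or h.endswith("." + bad_domain)


# Constructed sample DNS log (not from the post): "timestamp client_ip queried_hostname"
SAMPLE_DNS_LOG = """\
2023-07-12T09:14:02Z 10.0.5.21 time.apple.com
2023-07-12T09:14:05Z 10.0.5.21 api.vpnservices.live
2023-07-12T09:14:07Z 10.0.5.33 upgrader.live
2023-07-12T09:14:09Z 10.0.5.40 notupgrader.live
2023-07-12T09:14:11Z 10.0.5.21 vpnservices.live
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def find_hits(log_text: str, defanged_indicators=ADLOAD_DOMAINS_DEFANGED) -> dict:
    """Return {client_ip: [(timestamp, hostname, matched_indicator), ...]} for
    every log line whose queried hostname matches an AdLoad-associated domain."""
    bad = [refang(i) for i in defanged_indicators]
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        ts, client, host = m.groups()
        for b in bad:
            if domain_matches(host, b):
                hits[client].append((ts, host, b))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_DNS_LOG).items()):
        print(f"{client}: {len(events)} lookup(s) of AdLoad-associated domains")
        for ts, host, indicator in events:
            print(f"  {ts} {host} (matches {indicator})")
```

A hit means the client resolved one of the reported domains, which is a reason to pull the machine for a closer look (system proxy settings, launch agents, the vendor's YARA rules) rather than proof of infection on its own; the same matcher can be pointed at web-proxy logs by adapting `LOG_RE`.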