fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New AdLoad Malware Variant Slips Through Apple’s XProtect Defenses

New AdLoad Malware Variant Slips Through Apple’s XProtect Defenses

A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne.

AdLoad is a widespread trojan targeting the macOS platform since at least since late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs), 

This malware can also harvest system information that later gets sent to remote servers controlled by its operators.

Also Read: Protecting Data Online in the New Normal

Increasingly active since July

These massive scale and ongoing attacks have started as early as November 2020, according to SentinelOne threat researcher Phil Stokes, with an increase in activity beginning with July and the beginning of August.

Once it infects a Mac, AdLoad will install a Man-in-The-Middle (MiTM) web proxy to hijack search engine results and inject advertisements into web pages for monetary gain.

It will also gain persistence on infected Macs by installing LaunchAgents and LaunchDaemons and, in some cases, user cronjobs that run every two and a half hours.

While monitoring this campaign, the researcher observed more than 220 samples, 150 of them unique and undetected by Apple’s built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

Many of the samples detected by SentinelOne are also signed with valid Apple-issued Developer ID certificates, while others are also notarized to run under default Gatekeeper settings.

XProtect AdLoad signatures (SentinelOne)

“At the time of writing, XProtect was last updated around June 15th. None of the samples we found are known to XProtect since they do not match any of the scanner’s current set of Adload rules,” Stokes concluded.

“The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices.”

Hard to ignore threat

To put things into perspective, Shlayer, another common macOS malware strain that has also been able to bypass XProtect before and infect Macs with other malicious payloads, has hit over 10% of all Apple computers monitored by Kaspersky.

Its creators also got their malware through Apple’s automated notarizing process and included the ability to disable the Gatekeeper protection mechanism to run unsigned second-stage payloads.

Shlayer also recently exploited a macOS zero-day to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads on compromised Macs.

While both AdLoad and Shlayer now only deploy adware and bundleware as secondary payloads, their creators can quickly switch to more dangerous malware, including ransomware or wipers, at any time.

Also Read: The Top W’s of Ethical Hacking

“Today, we have a level of malware on the Mac that we don’t find acceptable and that is much worse than iOS,” said Craig Federighi, Apple’s head of software, under oath while testifying in the Epic Games vs. Apple trial in May.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us