Security Bite: Did Apple just declare war on Adload malware?


Following the release of new betas last week, Apple snuck out one of the most significant updates to XProtect I’ve ever seen. The macOS malware detection tool added 74 new Yara detection rules, all aimed at a single threat, Adload. So what is it exactly, and why does Apple see it as such an issue?


9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


XProtect, Yara rules, huh?

XProtect was introduced in 2009 as part of Mac OS X 10.6 Snow Leopard. Initially, it was released to detect and alert users if malware was discovered in a file being installed. However, XProtect has recently evolved significantly. The retirement of the long-standing Malware Removal Tool (MRT) in April 2022 prompted the emergence of XProtectRemediator (XPR), a more capable native anti-malware component responsible for the detection and remediation of threats on the Mac.

As of macOS 14 Sonoma, XProtect consists of three main components:

  1. The XProtect app itself, which can detect malware using Yara rules whenever an app first launches, changes, or updates its signatures.
  2. XProtectRemediator is more proactive and can both detect and remove malware with regular Yara scans. These occur in the background during periods of low activity and have minimal impact on the CPU.
  3. XProtectBehaviorService (XBS) was added with the latest version of macOS and monitors system behavior in relation to critical resources.
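The rule update described above is, in practice, a change to the YARA signature file that the XProtect app and XProtectRemediator scan with. The Python below is an added example, not code from the article or from Apple: it parses a YARA rule file, counts the rules tied to a malware family, and lists the rule names added between two versions, which is how a defender can inventory what an update such as the Adload one actually changed. The rule text is constructed for illustration, and the XProtect.yara path is an assumption about where macOS keeps the bundle.

```python
import re
from pathlib import Path

# Assumed location of the live XProtect signature file on macOS; feed
# parse_rules(XPROTECT_YARA.read_text()) to inventory the installed rules.
XPROTECT_YARA = Path("/Library/Apple/System/Library/CoreServices/"
                     "XProtect.bundle/Contents/Resources/XProtect.yara")

# A rule header: optional 'private', the keyword, then the identifier.
RULE_RE = re.compile(r"^\s*(?:private\s+)?rule\s+([A-Za-z_]\w*)", re.M)
# The description entry inside a rule's meta: section.
DESC_RE = re.compile(r'description\s*=\s*"([^"]*)"')

def parse_rules(text):
    """Return [(rule_name, description)] in file order."""
    heads = list(RULE_RE.finditer(text))
    rules = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        desc = DESC_RE.search(text, head.end(), end)  # search this rule only
        rules.append((head.group(1), desc.group(1) if desc else ""))
    return rules

def count_family(rules, family):
    """Count rules whose name or description mentions a malware family."""
    needle = family.lower()
    return sum(1 for name, desc in rules
               if needle in name.lower() or needle in desc.lower())

def added_rules(old_text, new_text):
    """Rule names present in the new signature file but not in the old one."""
    old = {name for name, _ in parse_rules(old_text)}
    return [name for name, _ in parse_rules(new_text) if name not in old]

# Constructed sample signature files: the rule names, markers and
# descriptions are illustrative and are not Apple's real XProtect rules.
OLD_YARA = '''
rule Sample_Family_A { meta: description = "Family A dropper"
    strings: $a = "familyA-marker" condition: $a }
'''
NEW_YARA = OLD_YARA + '''
private rule Sample_MachO { condition: uint32(0) == 0xfeedfacf }
rule Sample_Adload_Loader { meta: description = "Adload loader (constructed)"
    strings: $s = "adload-loader-marker" condition: Sample_MachO and $s }
rule Sample_Adload_Persist { meta: description = "Adload persistence (constructed)"
    strings: $p = "adload-agent-marker" condition: $p }
'''
```

Keeping a copy of XProtect.yara from before each update and diffing with added_rules shows exactly which detections arrived, without relying on release notes.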

The XProtect suite utilizes Yara signature-based detection to identify…
