Adload

Summary
Common adware disguised as legitimate software
Class
Adware
Class Summary
Adware is a type of software that delivers unsolicited advertisements, typically through pop-up messages or browser redirection. While not always harmful, adware can significantly degrade system performance and user experience. Adware often infiltrates systems through free software downloads or malicious websites. If adware has made it onto the system, scrutinize any recent software downloads, especially free software, as it is often the source. Adware can often be removed by looking for odd LaunchAgents, LaunchDaemons, and unexpected third-party browser extensions.
Description

Adload is a highly common macOS adware variant that has historically made its way onto systems by disguising itself as legitimate software designed to help your computer. Adload variants are often signed with a legitimate developer certificate and dropped by distributed malware droppers such as the Shlayer dropper. First detected in 2017, Adload has a history of adapting to evade detection and continues to infect computers, most notably by pretending to be a Flash Player installer required to watch content on a website that might play videos.

Example Hashes