Apple declares war on Adload malware

This week’s security data update to XProtect is unique in the magnitude of its changes. In a single update, the Yara detection rules used by macOS to check for malware have grown by 20% with the addition of 74 new rules, all of them aimed at a single target, Adload. Apple’s security engineers are clearly determined to get the better of that old adware and bundleware loader.

‘Classic’ XProtect is provided as a bundle containing a database, three property lists and a set of Yara rules that are compiled for XProtect to use on demand when executable code is checked by Gatekeeper. Those rules determine what macOS considers to be malicious and therefore blocks from being loaded and run. Originally they were only used when checking quarantined apps and code for the first time, but in recent versions of macOS checks have become increasingly frequent, and now run whenever third-party code is being prepared to load. This contrasts with the newer XProtect Remediator, a set of 23 executable scanning modules that are run every 24 hours or so to look for signs of known malicious software, including Adload.

Adload probably emerged in 2016, and Apple’s first attempts to detect it appeared in XProtect version 2094 on 25 August 2017, containing detection rules for two variants, A and B. Then in late February 2021, from XProtect 2140 onwards, Apple started updating Yara rules for Adload more frequently. When Apple released the first functional update to XProtect Remediator, version 2, by June 2022, it too had its own scanning module targeting Adload.

Last September Apple started a new cat-and-mouse campaign, and since XProtect 2172 it has released nine updates to the detection rules for Adload’s many variants and components in the Yara file.

Adload has a track record of rapid change that makes it hard for anyone relying on Yara rules for static detection to keep pace. Phil Stokes of SentinelOne Labs has given fuller details of its changing habits and multitude of variants in this review.

The size of the Yara rule file in XProtect 2192, released on 23 April 2024, has risen from 235 KB in 2191 to 281 KB in 2192, as a result of the addition of the 74 new rules listed in the Appendix below. The Adload module in XProtect Remediator 131, released at the same time, has also increased in size from 2.365 MB in version 130 to 2.498 MB in 131. (For those concerned with false positives resulting from its BadGacha scanning module, that has reduced in size in 131, bringing hope that it may report fewer anomalies than its predecessor.)
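The comparison above, rule counts in 2191 against 2192 and the list of new rules in the Appendix, is something you can reproduce by diffing copies of the two rule files. The script below is an added example, not code from Apple or from this article. It parses Yara rule headers (the rule name plus any tags, as in `macos_biter_dropper : adware`) out of two versions of the file and reports which rules were added, removed or retagged and the percentage growth. The two rule texts embedded in it are constructed stand-ins; the path of the real XProtect.yara inside the XProtect bundle is assumed from the usual bundle layout.

```python
"""Diff two XProtect.yara rule files: count rules and list what was added.

Added illustration, not Apple's code. OLD_YARA and NEW_YARA are constructed
stand-ins for the files from XProtect 2191 and 2192. On a Mac the classic rule
file is assumed to live at
/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara
and saved copies of two versions can be passed to compare_rule_files() instead.
"""
import re
from typing import Dict, List

# A Yara rule header: optional 'private'/'global' modifiers, the 'rule' keyword,
# the rule name, an optional ': tag1 tag2' list, then either the opening brace
# or the end of the line (the brace may sit on the next line). Anchoring at the
# start of a line keeps the word 'rule' inside strings and comments from being
# mistaken for a header.
RULE_HEADER = re.compile(
    r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_][A-Za-z0-9_]*)"
    r"\s*(?::\s*([A-Za-z0-9_ \t]+?))?\s*(?:\{|$)",
    re.MULTILINE,
)


def parse_rules(yara_text: str) -> Dict[str, List[str]]:
    """Map each rule name in the file to its list of tags (empty if untagged)."""
    rules: Dict[str, List[str]] = {}
    for match in RULE_HEADER.finditer(yara_text):
        name, tags = match.group(1), match.group(2)
        rules[name] = tags.split() if tags else []
    return rules


def compare_rule_sets(old_text: str, new_text: str) -> dict:
    """Report rules added, removed or retagged between two versions of the file."""
    old, new = parse_rules(old_text), parse_rules(new_text)
    added = {n: new[n] for n in new if n not in old}
    removed = sorted(n for n in old if n not in new)
    retagged = {n: (old[n], new[n]) for n in old if n in new and old[n] != new[n]}
    growth = round(100.0 * (len(new) - len(old)) / len(old), 1) if old else 0.0
    return {"old_count": len(old), "new_count": len(new), "added": added,
            "removed": removed, "retagged": retagged, "growth_pct": growth}


def compare_rule_files(old_path: str, new_path: str) -> dict:
    """Same comparison for two rule files saved on disk."""
    with open(old_path, encoding="utf-8", errors="replace") as f_old, \
         open(new_path, encoding="utf-8", errors="replace") as f_new:
        return compare_rule_sets(f_old.read(), f_new.read())


def format_report(report: dict) -> str:
    """Render the comparison as a short text summary."""
    lines = [f"rules: {report['old_count']} -> {report['new_count']} "
             f"({report['growth_pct']:+.1f}%)"]
    for name, tags in sorted(report["added"].items()):
        lines.append(f"  + {name}" + (f" : {' '.join(tags)}" if tags else ""))
    for name in report["removed"]:
        lines.append(f"  - {name}")
    return "\n".join(lines)


# Constructed sample standing in for the older rule file (three rules).
OLD_YARA = """\
// constructed stand-in for the XProtect 2191 rule file
rule macos_adload_a
{
    strings:
        $s1 = "rule inside a string must not count"
    condition:
        uint32(0) == 0xfeedfacf and $s1
}

private rule shared_helper
{
    condition:
        filesize < 10MB
}

rule macos_adload_b : adware
{
    condition:
        shared_helper and uint32(0) == 0xfeedfacf
}
"""

# Constructed sample standing in for the newer file: the old rules plus three
# new ones, with both tag spellings seen in the Appendix (' : tag' and ': tag').
NEW_YARA = OLD_YARA + """\
rule macos_adload_launcher
{
    condition:
        uint32(0) == 0xfeedfacf
}

rule macos_biter_dropper : adware dropper
{
    condition:
        filesize < 5MB
}

rule macos_adload_nautilus_installer: adware
{
    condition:
        filesize < 5MB
}
"""

if __name__ == "__main__":
    print(format_report(compare_rule_sets(OLD_YARA, NEW_YARA)))
```

Run against saved copies of the real files, the `added` list is the Appendix below and `growth_pct` is the 20% figure quoted above; counting only rules whose names mention a family (here `adload`) is a one-line filter on that dictionary.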

In releasing all 74 new rules in a single update, Apple is firing a full broadside at Adload’s developers, intending to overwhelm efforts to evade detection until the malware has been extensively rewritten. It also raises the question of whether Apple is now using ML/AI to generate its Yara rules, as developing that many by hand would normally take considerable time and effort. There are already several ML/AI-based tools that will generate Yara rules, but Apple doesn’t appear to have made much use of them in the past, at least not on this unprecedented scale.

It will be interesting to see how successful this approach is with Adload, and whether Apple will use it to tackle other versatile malware such as XCSSET/DubRobber, Genieo and CloudMensis/SnowDrift in future updates to XProtect.

Appendix: New rules added to XProtect 2192

74 new rules for Adload:

  • macos_adload_launcher
  • macos_adload_main
  • macos_adload_agent
  • macos_smolgolf_adload_dropper
  • macos_smolgolf_adload_dropper_mrt
  • macos_gardna_agent
  • macos_gardna_agent_b
  • macos_magicplant_dropper
  • macos_magicplant_dropper_function : adware
  • macos_magicplant_dropper_obfuscated_function : adware
  • macos_adload_python_dropper
  • macos_biter_dropper : adware
  • macos_biter_second_stage : adware
  • macos_biter_b_dropper : adware
  • macos_biter_b_dropper_xprotect
  • macos_adload_downloader_dec2020_strings
  • macos_adload_d
  • macos_adload_e
  • macos_adload_f
  • macos_adload_search_daemon
  • macos_adload_wwxf_objc
  • macos_adload_c_dropper : adware
  • macos_adload_shell_script_obfuscation
  • macos_adload_fantacticmarch : dropper
  • macos_adload_d_xor_obfuscation
  • macos_adload_daemon_obfuscation
  • macos_adload_nautilus_dropper
  • macos_adload_nautilus_dropper_xprotect
  • macos_adload_nautilus_installer: adware
  • macos_adload_nautilus_obfuscated_function : adware
  • macos_adload_nautilus_xprotect
  • macos_adload_dropper_custom_upx
  • macos_adload_dropper_custom_upx_unpacked
  • macos_adload_macho_deobfuscation_code
  • macos_adload_swift_dropper_strings
  • macos_adload_kotlin_agent
  • macos_adload_gardna_c
  • macos_airplay_app
  • macos_toydrop_a
  • macos_toydrop_b
  • macos_toydrop_a_obfuscation_code
  • macos_toydrop_a_agent_strings
  • macos_adload_dropper_cpp_function
  • macos_smolgolf_adload_dropper_B
  • macos_toydrop_pkg_null_padded_trailer : dropper
  • macos_adload_mitmproxy_goproxy : adware
  • macos_adload_mitmproxy_goproxy_b
  • macos_adload_mitmproxy_goproxy_c
  • macos_adload_mitmproxy_pyinstaller
  • macos_adload_search_daemon_qls
  • macos_adload_search_agent_qls_str
  • macos_adload_search_agent_qls
  • macos_adload_search_qls_combo
  • macos_adload_golang
  • macos_adload_g_fragment
  • macos_adload_g_extension_plist
  • macos_adload_g_bundle
  • macos_adload_g_go_funcs
  • macos_adload_g_chrome_constants
  • macos_adload_calypso_obfuscation
  • macos_adload_websearchstride_strings
  • macos_adload_websearchstride_xor
  • macos_adload_pdfcreator
  • macos_adload_common_data
  • xprotect_macos_adload_common_data
  • macos_adload_format_strings
  • macos_adload_random_bytes
  • macos_adload_c2_constants
  • macos_adload_search_daemon_b
  • macos_xprotect_adload_search_daemon_b_common
  • macos_adload_search_daemon_c
  • macos_xprotect_adload_search_daemon_c_common
  • macos_adload_weird_plutil
  • macos_adload_dylibs

Note these also finally reveal that the XProtect Remediator scanning module for ‘ToyDrop’ is part of the Adload complex. They also cover language variants of Adload, including Python, Swift, Go and Kotlin.