AdLoad
AdLoad is a malicious tool aimed at sneaking potentially annoying adware into your Mac-based system. The tool has been in circulation for almost three years now, showing no signs of slowing down. Its long tenure is due to its ability to evolve quickly enough to avoid detection. Throughout its evolution, AdLoad has reportedly dropped dozens of Potentially Unwanted Apps (PUAs) — Kreberisec, SearchDaemon, DataSearch, ApolloSearch, AphroditeResults, and many others (see list below) — on a countless number of MacOS systems worldwide. Considering the nature of those apps, AdLoad does not behave like a typical severe-level threat. However, its persistent behavior turns any removal attempt into quite a challenging task.
Table of Contents
A Hijacker or a Trojan?
AdLoad appears to have a dubious nature. On the one hand, it shares the typical traits of classic browser hijackers. It comes disguised as a fake software update or as a drive-by download. On the other hand, some researchers tend to classify AdLoad as a Trojan-like entity because of its backdoor functionality to plant all sorts of PUAs into a host Mac system.
Once in, AdLoad redirects victims’ web browsing activity to predetermined servers by way of man-in-the-middle attacks. Such redirects usually occur whenever the actors in charge want to monetize ad revenue by rerouting computer users to sites infested with pay-per-click (PPC) ads. While this advertising model is by no means harmful when applied with the most popular search engines on the Web, it may cause trouble if exploited for the wrong reasons. The latter usually involves advertisers who pay less known search engines to drive traffic to PPC-heavy websites of none too savory nature.
The spread of AdLoad may take place during loading of bundled applications or freeware. There may be cases of AdLoad installing through Flash Player prompts, as seen in the image below. Often such a Flash Player install prompt is a website that has loaded a script or page that attempts to trick computer users into downloading and installing the files associated with AdLoad, thus permitting the installation of AdLoad where it may then bombard Mac computer users with pop-up advertisements.
Example of AdLoad installation prompt via a Flash Player install message.
Despite AdLoad’s longevity, it remains hard to detect to this day, as shown on VirusTotal, for the adware plants various files in a large number of directories. Most data drops in multiple folders in the local Library section. Then, it runs one or more executables, which establish a remote desktop connection via a python script. Apart from the visible folders in the local Library section, AdLoad may create a hidden folder designed to keep the adware running.
Indicators of an AdLoad Infection
Like any other adware piece, AdLoad may slow your system down, bring you countless ads, and lead you to websites you may have never seen before. The ads may offer fake software updates, drive-by downloads, attractive goods, and services. Beware of the latter, though. Especially if they look too good to be true.
Associated PUAs
AdLoad has allegedly brought dozens of PUAs to targeted MacOS-based computers. Some of those PUAs include, but are not limited to: WebSearchStride, TotalAdviseSearch, Sorimbrsec, SkilledProjectSearch, SearchRange, SearchNetCharacter, PositiveSearch, KeyWordsSearch, MajorChannelSearch, AlphaLookup, GoldResults, GlobalQuestSearch, LeadingSignSearch, OdysseusLookup, ExpertModuleSearch, VirtualToolboxSearch, TabSearch, UpgradeSearchView, ResultsSync, NetToolboxSearch, SimpleFunctionSearch, AresLookup, PublicAdviseSearch, MajorLetterSearch, SearchArchive, SearchRange, CalypsoLookup, BinarySignSearch, and so on.
The list above is but a taste of the AdLoad Adware is capable of bringing to the table. If one or more of these names ring any bells to you, chances are you may have an ongoing AdLoad infection, and you need to take action.
Removal Tips
For a start, you can follow the conventional removal procedure by bringing any suspicious or unknown apps you come across on your Applications folder to the Trash. Then you may clean any residual AdLoad files you find in your Library. Pay special attention to the LaunchAgents folder in particular. Yet, don't forget to go through every Library folder. While these steps may do the trick, scanning your system with a reputable anti-malware solution won't harm. We strongly recommend that you do the latter, for AdLoad has proven to be persistent beyond measure when attacked.
