AdLoad
AdLoad is a widespread macOS malware family, commonly described as adware and a bundleware loader, known since at least 2017. It hijacks and redirects user web browsing traffic and has been observed installing a web proxy to conduct person-in-the-middle-style interception of search traffic, inject advertisements into webpages, and redirect search engine results. Reporting also describes it as persistent, capable of harvesting system or user data, and able to download and install additional payloads, making it both an adware threat and a secondary-stage loader.
AdLoad targets macOS environments. It has been associated with browser-focused abuse, including traffic hijacking and redirects, and has been cited among prevalent macOS threats in 2024 and 2025 reporting. Apple’s XProtect Remediator includes AdLoad among high-prevalence threats it scans for.
Observed delivery chains include distribution by other macOS malware families. Shlayer has commonly delivered AdLoad as a payload. Microsoft observed UpdateAgent distributing AdLoad as a secondary payload in an October 2021 campaign involving trojanized ZIP and PKG installers impersonating legitimate software. SentinelLabs also documented AdLoad campaigns using fake Player.app DMG droppers resembling Bundlore/Shlayer delivery patterns; some droppers were signed with valid Apple developer certificates and in some cases notarized, while final payloads were unsigned.
Persistence mechanisms documented for AdLoad include LaunchAgents and LaunchDaemons; 2021 variants used labels ending in .service and .system and stored payloads under hidden Application Support paths. User-level persistence was installed in ~/Library/LaunchAgents/, while privileged installs also wrote to /Library/LaunchDaemons/. Additional reporting states that AdLoad has also used macOS cron jobs for persistence, a mechanism that, depending on how the job is loaded, can fall outside Apple Background Task Management (BTM) visibility, and that cron-based execution has been the route by which this legacy adware resurfaced.
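The launchd artifacts above can be hunted with a short script. What follows is an added example written for this page, not code from Mallory or from any vendor report: it scans Library/LaunchAgents and Library/LaunchDaemons under a root you choose (so it can be pointed at /, a user's home, or a mounted triage image), flags labels of the form com.<Name>.service or com.<Name>.system, flags program paths under a hidden Application Support/.<digits>/Services or /System directory, and looks for a hidden .logg file holding a UUID. The location of the .logg file under Application Support, the fixture directory name .2814732 and the binary name in the fixture are assumptions made for the constructed sample; the page does not state them.

```python
import os
import plistlib
import re
import tempfile
import uuid

# Label style reported for 2021 variants: com.<Name>.service / com.<Name>.system
LABEL_RE = re.compile(r"^com\.[A-Za-z]+\.(service|system)$")
# Payload storage: .../Library/Application Support/.[digits]/Services/ or /System/
HIDDEN_SUPPORT_RE = re.compile(r"/Library/Application Support/\.\d+/(Services|System)/")
UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Scanned relative to the root passed in, so "/" covers LaunchDaemons and a home dir covers LaunchAgents.
LAUNCHD_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons")


def _program_paths(plist):
    """Executables a launchd plist would run: Program, then ProgramArguments[0]."""
    paths = []
    if isinstance(plist.get("Program"), str):
        paths.append(plist["Program"])
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        paths.append(args[0])
    return paths


def scan_launchd(root):
    """Return {plist_path: [reasons]} for launchd items under root matching the documented patterns."""
    hits = {}
    for rel in LAUNCHD_DIRS:
        d = os.path.join(root, rel)
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as f:
                    plist = plistlib.load(f)
            except Exception as exc:  # a plist launchd cannot parse is itself worth a look
                hits[path] = [f"unparseable plist: {exc}"]
                continue
            reasons = []
            label = plist.get("Label")
            if isinstance(label, str) and LABEL_RE.match(label):
                reasons.append(f"label matches com.<Name>.service|system: {label}")
            for p in _program_paths(plist):
                if HIDDEN_SUPPORT_RE.search(p):
                    reasons.append(f"program under hidden Application Support dir: {p}")
            if reasons:
                hits[path] = reasons
    return hits


def find_logg_trackers(root):
    """Return paths of .logg files under Library/Application Support whose content is one UUID.

    Assumption (not stated on the page): the tracker sits somewhere below Application Support.
    """
    found = []
    base = os.path.join(root, "Library", "Application Support")
    for dirpath, _dirs, files in os.walk(base):
        if ".logg" in files:
            path = os.path.join(dirpath, ".logg")
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    content = f.read().strip()
            except OSError:
                continue
            if UUID_RE.match(content):
                found.append(path)
    return found


def build_sample_root():
    """Constructed fixture: one AdLoad-style LaunchAgent, one benign agent, one .logg tracker."""
    root = tempfile.mkdtemp(prefix="adload_hunt_")
    agents = os.path.join(root, "Library", "LaunchAgents")
    hidden = os.path.join(root, "Library", "Application Support", ".2814732", "Services")
    os.makedirs(agents)
    os.makedirs(hidden)
    # Suspicious item: both the label and the payload path match the documented patterns
    # (directory digits and binary name are made up for this fixture).
    suspicious = {
        "Label": "com.ActivityInput.service",
        "ProgramArguments": ["/Users/victim/Library/Application Support/.2814732/Services/com.ActivityInput/ActivityInput"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    with open(os.path.join(agents, "com.ActivityInput.service.plist"), "wb") as f:
        plistlib.dump(suspicious, f)
    # Benign control item: ordinary label and path, must not be flagged.
    benign = {"Label": "com.example.updater", "ProgramArguments": ["/usr/bin/true"]}
    with open(os.path.join(agents, "com.example.updater.plist"), "wb") as f:
        plistlib.dump(benign, f)
    with open(os.path.join(hidden, ".logg"), "w") as f:
        f.write(str(uuid.uuid4()) + "\n")
    return root


if __name__ == "__main__":
    sample = build_sample_root()
    for p, why in scan_launchd(sample).items():
        print(p, why)
    print(find_logg_trackers(sample))
```

Run it against "/" for LaunchDaemons and against each home directory for LaunchAgents; cron-based persistence is not covered here and needs a separate look at each user's crontab.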
Network and behavioral reporting from IronNet in August 2023 described AdLoad as a package bundler that downloads additional payloads. Observed C2 traffic included HTTP GET requests using device-unique values, user-agent strings such as Go-http-client or curl, HTTP POST data beginning with "smc" followed by encrypted data, and secondary payload downloads from static.<two-word-domain>.com paths matching /d/<38 digit string>/<filename>. Downloaded payloads were reported as password-protected ZIP files.
AdLoad has also been linked, tentatively, to a Safari privacy-control bypass. Microsoft reported suspicious activity associated with AdLoad that might be exploiting CVE-2024-44133 ("HM Surf"), a Safari TCC bypass affecting MDM-managed Apple devices, but could not confirm that AdLoad specifically exploited that vulnerability; treat the link as unconfirmed.
High-confidence indicators and artifacts documented in the sources above include LaunchAgent and LaunchDaemon labels such as com.ActivityInput.service, com.SwitcherGuard.service, com.RecordMapper.system, com.SectionAssist.system, and com.TypeInitiator.system; payload storage under ~/Library/Application Support/.[digits]/Services/ and /Library/Application Support/.[digits]/System/; a hidden tracker file named .logg containing a UUID; HTTP user agents Go-http-client and curl; POST data beginning with "smc"; and secondary-download subdomains following the pattern static.<two-word-domain>.com. Note that Go-http-client and curl user agents are common in legitimate traffic and are only meaningful in combination with the other network indicators.
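The network indicators from the IronNet reporting and the indicator list above can be turned into a scored detection over proxy logs. The following is an added example written for this page, not IronNet's or Mallory's detection logic. It assumes a JSON-lines proxy log with the fields ts, src, method, host, path, user_agent, body_prefix and content_type, an organisational allowlist of hosts where tool user agents and ZIP downloads are expected, and weights chosen so that a curl or Go-http-client user agent on its own never alerts. The log lines, hostnames and the 38-digit path are constructed; the regex for the staging host checks only for static.<label>.com and does not verify that the label is two words.

```python
import json
import re

# Patterns quoted on this page from IronNet's August 2023 reporting.
TOOL_UA_RE = re.compile(r"^(Go-http-client|curl)\b")
STAGED_HOST_RE = re.compile(r"^static\.[a-z0-9-]+\.com$", re.IGNORECASE)  # static.<two-word-domain>.com
STAGED_PATH_RE = re.compile(r"^/d/\d{38}/[^/]+$")                          # /d/<38 digit string>/<filename>
SMC_PREFIX = "smc"

# Assumed weights: a tool user agent alone scores 1 and stays below the default threshold of 3.
WEIGHTS = {
    "tool_user_agent": 1,
    "smc_post_body": 3,
    "staged_download_url": 4,
    "zip_from_unknown_host": 2,
}

# Assumed allowlist of hosts where curl/Go clients and ZIP downloads are expected.
KNOWN_HOSTS = {"api.github.com", "swcdn.apple.com"}


def parse_line(line):
    """One JSON event per line; the field names are an assumed proxy-log schema."""
    return json.loads(line)


def score_event(evt):
    """Return (score, reasons) for one event; reasons are the WEIGHTS keys that fired."""
    reasons = []
    if TOOL_UA_RE.match(evt.get("user_agent", "")):
        reasons.append("tool_user_agent")
    if evt.get("method") == "POST" and evt.get("body_prefix", "").startswith(SMC_PREFIX):
        reasons.append("smc_post_body")
    host, path = evt.get("host", ""), evt.get("path", "")
    if STAGED_HOST_RE.match(host) and STAGED_PATH_RE.match(path):
        reasons.append("staged_download_url")
    is_zip = evt.get("content_type") == "application/zip" or path.lower().endswith(".zip")
    if is_zip and host not in KNOWN_HOSTS:
        reasons.append("zip_from_unknown_host")
    return sum(WEIGHTS[r] for r in reasons), reasons


def hunt(lines, threshold=3):
    """Return (scored, alerts): every event with a non-zero score, and those at or above threshold."""
    scored = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        evt = parse_line(line)
        score, reasons = score_event(evt)
        if score:
            scored.append({"ts": evt.get("ts"), "src": evt.get("src"), "host": evt.get("host"),
                           "score": score, "reasons": reasons})
    return scored, [s for s in scored if s["score"] >= threshold]


# Constructed sample log: a beacon, an "smc" POST, a staged ZIP download, and two benign requests.
SAMPLE_LOG = """
{"ts": "2023-08-01T10:00:01Z", "src": "10.0.0.5", "method": "GET", "host": "example-c2.test", "path": "/?id=9f3c1a7e0b2d", "user_agent": "Go-http-client/1.1", "content_type": "text/html"}
{"ts": "2023-08-01T10:00:02Z", "src": "10.0.0.5", "method": "POST", "host": "example-c2.test", "path": "/", "user_agent": "curl/8.1.2", "body_prefix": "smc5b1e8c0a9d4f", "content_type": "application/octet-stream"}
{"ts": "2023-08-01T10:00:05Z", "src": "10.0.0.5", "method": "GET", "host": "static.example-words.com", "path": "/d/12345678901234567890123456789012345678/update.zip", "user_agent": "Go-http-client/1.1", "content_type": "application/zip"}
{"ts": "2023-08-01T10:01:00Z", "src": "10.0.0.7", "method": "GET", "host": "www.apple.com", "path": "/", "user_agent": "Mozilla/5.0 (Macintosh) Safari/605.1.15", "content_type": "text/html"}
{"ts": "2023-08-01T10:02:00Z", "src": "10.0.0.9", "method": "GET", "host": "api.github.com", "path": "/repos/x/y/releases/latest", "user_agent": "curl/8.1.2", "content_type": "application/json"}
"""

if __name__ == "__main__":
    scored, alerts = hunt(SAMPLE_LOG.splitlines())
    for s in scored:
        print(("ALERT " if s in alerts else "      ") + json.dumps(s))
```

The GET beacon with a device-unique query value scores only on its user agent here; catching that stage needs a per-source cardinality check on the query string against the same host, which a stateless line scorer cannot do.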
Techniques & procedures
13 distinct techniques documented for this family, organized by ATT&CK tactic.
Execution: 2 techniques
Persistence: 1 technique
Privilege Escalation: 1 technique
Stealth (ATT&CK tactic: Defense Evasion): 5 techniques
The droppers we have seen take the form of a lightly obfuscated Zsh script that decompresses a number of times... AdLoad binaries use a great deal of obfuscation, including custom string encryption
Interestingly, the droppers for this campaign share the same pattern as Bundlore/Shlayer droppers. They use a fake Player.app mounted in a DMG.
Credential Access: 1 technique
Discovery: 1 technique
Collection: 2 techniques
Command and Control: 4 techniques
The victim host conducts HTTP GET requests to a C2 domain... C2 activity begins via HTTP POST... An additional payload is downloaded from static.<domain>/d/<38 digit string>/<filename>...
Detections (Behavior | MITRE ATT&CK | Details):
AdLoad - ZIP file downloads from unknown domains | T1071.001 | HTTP
IOCs tracked for this family
319 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.
IPs, domains, and DNS infrastructure linked to this family.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Recent activity
14 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Adware/loader targeting macOS, capable of persistence and data collection.
macOS malware that hijacks and redirects web browsing traffic.
macOS adware family discussed in the context of using cron jobs (loaded in a certain way) as a persistence mechanism that can sidestep Apple Background Task Management (BTM) visibility.