What is the AdLoad trojan?

AdLoad is considered to be a trojan horse, a type of malware that comes bundled inside a piece of legitimate software. When the user installs the desired software, AdLoad quietly installs itself in the background.

By hitching a ride on legitimate software, AdLoad manages to neatly sidestep macOS security protocols. In May 2024, AdLoad was able to get past XProtect, macOS’s default antivirus platform.

Once it’s on your machine, AdLoad gets to work, inundating you with pop-up ads, stealing your personal data, hijacking your browser, and redirecting you to malware-infected websites. As an extra unwanted gift, AdLoad may even give you more malware, which could be exponentially worse in nature.

Therefore, it’s imperative that you remove Adload from your Mac immediately, while the damage is minimal.

What does AdLoad do?

Once the Trojan virus is downloaded, AdLoad implements shell scripts to download additional malware or adware onto the infected system. AdLoad is executing these commands in the same way that you can implement top-level changes through Terminal, except it is doing this without your knowledge, quietly running in the background.

These shell scripts operate like a command-line equivalent of an Automator or AppleScript app, similar to a Windows .bat ("batch") file. AdLoad acts as a bundler or installer for a series of malware infections, known as OSX/MacOffers, macOS/MacOffers (also named BundleMeUp, Mughthesec, and Adload), or OSX/Bundlore adware as a secondary payload.

Because these programs all come with a cryptographic digital signature, they all bypass Apple's Gatekeeper protection and Apple's XProtect bad download blocker functionality. Apple is unable to distinguish between the malware infections downloaded by the Trojan and a legitimate app that a user has elected to download.

It appears that the objective behind this activity is to fill a Mac with adware to collect browser data and passwords and generate advertising revenue for the creators of this malware. Some people who've been infected note that a pop-up appears every ten minutes until the malware is removed. This pop-up comes with this message:

Infection: User: _analyticsd Process: /usr/libexec/xpcproxy File: /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd

Clearly, removing this virus is the most sensible approach to keeping your Mac safe.

How can you identify AdLoad adware on your Mac?

So, what are the usual signs that your Mac has AdLoad malware on it? Check out the following list of symptoms and see if your Mac is suffering from any of them:

  1. Your Mac begins to act strangely, especially after installing a new piece of third-party software.
  2. Your Mac suddenly slows down and may, in some cases, crash, necessitating a system reboot.
  3. Your Mac is overheating due to internal components being overworked. This puts the battery at serious risk of being damaged.
  4. Your Mac is overheating due to internal components being overworked. This puts the battery at serious risk of being damaged.
  5. Your browser is sluggish to the point of being unusable. Closing tabs doesn’t work, nor does restarting the browser.
  6. Your browser homepage and search engine have been changed. All your web searches are sent to suspicious, unwanted search engines.
  7. Your web browsing gets redirected to sketchy-looking websites.
  8. Your Wi-Fi network is unstable and will frequently disconnect.

How to remove AdLoad?

Removing malware manually is possible, although, in this case with so many executable payloads, it might prove somewhat difficult. However, if you want to try manually, we recommend that you start looking for the following files in Applications and Library folders.

Here is the list of Applications:

  • AdLoad
  • Shlayer
  • MacOffers
  • BundleMeUp
  • Bundlore

Here is the list of locations where you should look for the applications mentioned above:

  • /Library/Application Support/
  • /Library/LaunchAgents/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/PrivilegedHelperTools/
  • /System/Library/Frameworks/

Take anything you find to the Trash, then empty it, and restart your Mac. It may also be worth removing any extensions or add-ons from web browsers and then resetting those. Always be careful when deleting adware and malware — you always run the risk of removing something that is actually needed without realizing it.

Another way to remove a malicious virus is with a dedicated app like CleanMyMac.

Get rid of AdLoad malware safely using CleanMyMac

AdLoad is a dangerous pest that requires a ruthlessly efficient malware detection tool to fight back against it. The leader is, without a doubt, CleanMyMac, powered by Moonlock Engine.

This fast, lightweight platform wastes no time in finding the AdLoad malware, as well as anything else lurking in the depths of your MacBook. CleanMyMac offers a free trial so users can try it out for themselves.

Start your CleanMyMac plan (it’s free for 7 days), just open the app and do the following to send AdLoad packing:

  1. Look at the left sidebar of the CleanMyMac interface. You’ll see 6 features. The one you need for this task is Protection. Select it to open the malware removal tool.
  2. The first thing you need to do before starting the scan process is to configure the settings. Select Configure Scan and select everything.
  3. Click the Scan button. CleanMyMac will now begin its work by looking for the AdLoad malware.
  4. If CleanMyMac finds any threats, it will show them to you in a list, with the option to select them all and delete them. Select everything it shows and click Remove.

After that, your Mac will be operating at peak performance again. Good as new, without any viruses, infections, Trojans, or malware.