Threat Feed

Tag

Adware

4 briefs

medium advisory

Mac Adware Injecting Malicious JavaScript via Obfuscated Python Script

A Mac adware sample, likely a component of OSX.Pirrit, uses multiple layers of obfuscation, including base64 encoding, zlib compression, and variable renaming, to evade detection and inject malicious JavaScript from hxxps://1049434604.rsc.cdn77.org/ij1.min.js.

CleanMyMac X +1 adware macos python javascript_injection
2r 2t 1i

high threat

Adware Doctor Steals and Exfiltrates Browser History from Mac App Store Users

Adware Doctor, a popular app available on the Mac App Store, surreptitiously steals users' browsing history from Safari and Chrome, compresses the data into a password-protected zip archive, and exfiltrates it to a remote server.

Adware Doctor +1 adware exfiltration macos
2r 2t 9i

high advisory

Dragon Boss Solutions Adware Disabling Antivirus Protections

Digitally signed adware from Dragon Boss Solutions LLC deploys payloads with SYSTEM privileges to disable antivirus protections on thousands of endpoints across education, utilities, government, and healthcare sectors.

adware antivirus-evasion malware windows
2r 2t 2i

medium advisory

Mac File Opener Adware Persists via Document Handler Registration

The 'Mac File Opener' adware achieves persistence by registering itself as a document handler for numerous file types, leveraging the Launch Services Daemon (lsd) to automatically parse the application's Info.plist and register the handlers.

macOS adware persistence
2r 1t