
Apple’s Automated Notarization Approves Malware For MacOS, Accidentally


Security researchers have found active malware attacking macOS users, and interestingly, the malware was fully notarized by Apple.

The malware was disguised as an update for Adobe Flash Player to run on macOS.

According to security researcher Patrick Wardle, the malware contained code used by a well-known malware called Shlayer.

Shlayer is a trojan downloader that spreads through fake applications. It bombards users with an influx of adware.

Shlayer also works by intercepting web traffic, and replacing ads with its own, fraudulently making money for its operators.

In a report by Apple Insider, Peter Dantini noticed that a Flash installer adware campaign featured malicious code that was notarized by Apple.

The effect of that notarization is that the installer wouldn’t be blocked by the built-in Gatekeeper security function. If a user clicked on it, the installer would simply run and deliver its payload on a system.

Peter Dantini, a college student, discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew.

Peter had accidentally typed a web address different from the one he intended, and he was redirected to a number of fake Adobe Flash update pages.

After he intentionally downloaded the malware, macOS gave the standard warning but did not block the program from running. He then forwarded the information to Apple’s Patrick Wardle.

According to the cybersecurity and antivirus company Kaspersky, Shlayer is the most common threat faced by macOS users.

Apple noted that malware constantly changes, so it is likely that bad actors will again submit malicious payloads to Apple’s notarization process.
Apple, however, revoked the malware’s notarization and disabled the developer’s account.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered.”

In a continued statement to TechCrunch, Patrick Wardle said:

“Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

In a move to prevent adware and ransomware, Apple started a process of “notarizing” all macOS applications, a vetting process designed to weed out illegitimate or malicious apps.

Notarization also extends to software distributed outside of the Mac App Store; without it, users wouldn’t be able to run that software without special workarounds.
