New post Need visibility? Apply for a FREE post for your Startup.  Apply Here

News

Apple’s Automated Notarization Approves Malware For MacOS, Accidentally

1 Mins read

Security researchers have found an active malware attacking MacOS users, and interestingly, the malware was fully notarized by Apple.

The malware was disguised as an update for Adobe Flash Player to run on MacOS.

The Malware, according to security researcher, Patrick Wardle, contained code used by a well-known malware called Shlayer.

Shlayer is a trojan downloader that spreads through fake applications. It bombard users with an influx of adware.

Shlayer also works by intercepting web traffic, and replacing ads with its own, fraudulently making money for its operators.

In a report by Apple Insider, Peter Dantini noticed that a Flash installer adware campaign featured malicious code that was notarized by Apple.

The effect of that notarization is that the installer wouldn’t be blocked by the built-in Gatekeeper security function. If a user clicked on it, the installer would simply run and deliver its payload on a system.

Peter Dantini, a college student, discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew.

Peter had accidentally typed a web address different from the one he intended, and he was redirected to a number of fake Adobe Flash update page.

After intentionally downloading the malware, MacOS gave the standard warning, but did not block the program from running. He then forwarded the information to Apple’s Patrick Wardle.

According to the cybersecurity and antivirus company, Kaspersky, Shlayer is the most common threat faced by MacOS users.

Apple noted that malware constantly changes, so it is likely that bad actors will again submit malicious payloads to Apple’s notarization process.
Apple, however, revoked the malwares’s notarization, and disabled the developer’s account.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered.”

In a continued statement to TechCrunch, Patrick Wardle said:

“Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

In a move to prevent adware and ransomware, Apple started a process of “notarizing” all macOS applications, a vetting process designed to weed out illegitimate or malicious apps.

The notarization is also extended to software distributed outside of the Mac App Store, or users wouldn’t be able to run them without special workarounds.

Don’t miss any tech news ever!

We don’t spam! Read our privacy policy for more info.

897 posts

About author
When I'm not reading about tech, I'm writing about it, or thinking about the next weird food combinations to try. I do all these with my headphones plugged in, and a sticky note on my computer with the words: "The galaxy needs saving, Star Lord."
Articles
Related posts
News

Hackers Attack NBS Website, Forcing Shutdown

1 Mins read
The National Bureau of Statistics (NBS) confirmed that its official website has been compromised by hackers, just two weeks after unveiling its…
News

Hackers steal $16.8m from Uganda's Central Bank

1 Mins read
Uganda’s Central Bank has become the latest victim of cyber attack. The bank fell to a sophisticated cyber attack by hackers known…
News

Crypto entrepreneur eats popular $6.2m banana artwork

1 Mins read
Interesting things keep happening all around the world, and one of them involves a cryptocurrency entrepreneur, Justin Sun, who transformed an iconic…
Newsletter Subscription

🤞 Don’t miss any update!

We don’t spam! Read more in our privacy policy

Join our Telegram channel here - t.me/TechpadiAfrica

Leave a Reply