New post Need visibility? Apply for a FREE post for your Startup.  Apply Here


Apple’s Automated Notarization Approves Malware For MacOS, Accidentally

1 Mins read

Security researchers have found an active malware attacking MacOS users, and interestingly, the malware was fully notarized by Apple.

The malware was disguised as an update for Adobe Flash Player to run on MacOS.

The Malware, according to security researcher, Patrick Wardle, contained code used by a well-known malware called Shlayer.

Shlayer is a trojan downloader that spreads through fake applications. It bombard users with an influx of adware.

Shlayer also works by intercepting web traffic, and replacing ads with its own, fraudulently making money for its operators.

In a report by Apple Insider, Peter Dantini noticed that a Flash installer adware campaign featured malicious code that was notarized by Apple.

The effect of that notarization is that the installer wouldn’t be blocked by the built-in Gatekeeper security function. If a user clicked on it, the installer would simply run and deliver its payload on a system.

Peter Dantini, a college student, discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew.

Peter had accidentally typed a web address different from the one he intended, and he was redirected to a number of fake Adobe Flash update page.

After intentionally downloading the malware, MacOS gave the standard warning, but did not block the program from running. He then forwarded the information to Apple’s Patrick Wardle.

According to the cybersecurity and antivirus company, Kaspersky, Shlayer is the most common threat faced by MacOS users.

Apple noted that malware constantly changes, so it is likely that bad actors will again submit malicious payloads to Apple’s notarization process.
Apple, however, revoked the malwares’s notarization, and disabled the developer’s account.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered.”

In a continued statement to TechCrunch, Patrick Wardle said:

“Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

In a move to prevent adware and ransomware, Apple started a process of “notarizing” all macOS applications, a vetting process designed to weed out illegitimate or malicious apps.

The notarization is also extended to software distributed outside of the Mac App Store, or users wouldn’t be able to run them without special workarounds.

598 posts

About author
When I'm not reading about tech, I'm writing about it, or thinking about the next weird food combinations to try. I do all these with my headphones plugged in, and a sticky note on my computer with the words: "The galaxy needs saving, Star Lord."
Related posts
Big StoryNews

WhatsApp is working to allow users to Pin Messages in a chat list

2 Mins read
WhatsApp is reported to be currently working on a “Pin Message” feature, the ability to pin down a message. FYI what we…
Big StoryNews

Twitter Begins Testing Government ID-Based Verification for Blue Subscribers

2 Mins read
Twitter is reportedly testing a feature that allows subscribers to submit government-issued ID to have their profiles verified on the platform. Code-level…
Big StoryMobileNews

WhatsApp Begins Listing Common Groups in Contact Search Results for Some Beta Testers

2 Mins read
WhatsApp, the popular messaging app owned by Meta, has started testing a new feature on the latest beta version of the app…
Get powered up with Techpadi Newsletter

Be the first to know what's happening in the African tech space

Leave a Reply