New post Need visibility? Apply for a FREE post for your Startup.  Apply Here


Apple’s Automated Notarization Approves Malware For MacOS, Accidentally

1 Mins read

Security researchers have found an active malware attacking MacOS users, and interestingly, the malware was fully notarized by Apple.

The malware was disguised as an update for Adobe Flash Player to run on MacOS.

The Malware, according to security researcher, Patrick Wardle, contained code used by a well-known malware called Shlayer.

Shlayer is a trojan downloader that spreads through fake applications. It bombard users with an influx of adware.

Shlayer also works by intercepting web traffic, and replacing ads with its own, fraudulently making money for its operators.

In a report by Apple Insider, Peter Dantini noticed that a Flash installer adware campaign featured malicious code that was notarized by Apple.

The effect of that notarization is that the installer wouldn’t be blocked by the built-in Gatekeeper security function. If a user clicked on it, the installer would simply run and deliver its payload on a system.

Peter Dantini, a college student, discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew.

Peter had accidentally typed a web address different from the one he intended, and he was redirected to a number of fake Adobe Flash update page.

After intentionally downloading the malware, MacOS gave the standard warning, but did not block the program from running. He then forwarded the information to Apple’s Patrick Wardle.

According to the cybersecurity and antivirus company, Kaspersky, Shlayer is the most common threat faced by MacOS users.

Apple noted that malware constantly changes, so it is likely that bad actors will again submit malicious payloads to Apple’s notarization process.
Apple, however, revoked the malwares’s notarization, and disabled the developer’s account.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered.”

In a continued statement to TechCrunch, Patrick Wardle said:

“Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

In a move to prevent adware and ransomware, Apple started a process of “notarizing” all macOS applications, a vetting process designed to weed out illegitimate or malicious apps.

The notarization is also extended to software distributed outside of the Mac App Store, or users wouldn’t be able to run them without special workarounds.

Don’t miss any tech news ever!

We don’t spam! Read our privacy policy for more info.

805 posts

About author
When I'm not reading about tech, I'm writing about it, or thinking about the next weird food combinations to try. I do all these with my headphones plugged in, and a sticky note on my computer with the words: "The galaxy needs saving, Star Lord."
Related posts

Flutterwave suffers another major security breach, loses billions

1 Mins read
Nigerian fintech unicorn, Flutterwave, has suffered yet another devastating security breach, with unknown perpetrators illegally diverting billions of naira into unauthorized accounts…

Nigeria to open Startup House in San Francisco Tech Hub

1 Mins read
The Nigerian government is making a bold move to establish a stronger presence in the global technology scene. The Federal Executive Council…

Relief comes as MainOne completely restores subsea cable

1 Mins read
Internet users across West Africa can breathe a sigh of relief as MainOne, a leading subsea cable operator, has successfully completed repairs…
Newsletter Subscription

🤞 Don’t miss any update!

We don’t spam! Read more in our privacy policy

Join our Telegram channel here -

Leave a Reply