  • OnyxModsLLC

Apple allowed malware to run on macOS


Bleeping Computer reports that malware authors tricked Apple into trusting malicious Shlayer apps.




In February, Apple began "notarizing" all macOS applications, a vetting process designed to weed out illegitimate or malicious apps. Even software distributed outside of the Mac App Store now needs notarization, or users wouldn't be able to run it without special workarounds. Seven months later, though, researchers have found an active adware campaign attacking Mac users with the same old payloads—and the malware has been fully notarized by Apple.


Apple says that if there is ever a problem with an app, it can quickly stop installations and even block the app from launching again.


Apple says that notarizing macOS applications is meant to give "users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components." Peter Dantini discovered last week that Apple was tricked into notarizing Shlayer adware.



Security researcher Patrick Wardle confirmed that the installers were delivering Shlayer adware samples notarized by Apple itself, which means that they can also infect users running the company's latest macOS 11.0 Big Sur version.


Sadly, users might trust them without thinking twice, allowing the malware developers to spread their payloads to an even larger number of systems. Wardle then reported the notarized malware samples to Apple, and the company immediately removed the certificates.



Shlayer malware sample blocked by Gatekeeper (Patrick Wardle)

Shlayer malware also spreads via poisoned Google search results, according to threatpost.com.


References


https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/


https://www.bleepingcomputer.com/news/security/malware-authors-trick-apple-into-trusting-malicious-shlayer-apps/



https://www.wired.com/story/apple-approved-malware-macos-notarization-shlayer/
