Mac malware circumvents Apple's strict new notarization checks. Apple's highly touted security system has been found to have inadvertently notarized a Mac malware campaign, allowing it to run unhindered on macOS devices.
Since February, Apple has required that every app running on macOS, including apps distributed outside the official Mac App Store, be submitted to Apple for notarization before Gatekeeper will let a user run the executable.
Yet a Shlayer adware campaign slipped through these tight checks, even though its payload remained largely the same as previously known variants.
Apple has long had a reputation for making the most secure devices, widely regarded as immune to the many cyber threats facing the Windows operating system.
However, while malware built for Windows cannot run on macOS, Apple devices are still vulnerable to similar kinds of threats.
In this case, attackers targeted macOS devices with Shlayer adware, which hijacks browser searches and injects its operators' own ads into the results, generating significant revenue for them.
Shlayer had previously been distributed by more than 1,000 websites, each disguising the download slightly differently. At its peak, Shlayer was reported to be present on 10% of all Macs.
This latest campaign was discovered by college student Peter Dantini, who encountered a Shlayer download hosted on a fake Adobe Flash landing page. When he deliberately ran the download as the attackers intended, he was surprised to find that macOS did not intervene.
Dantini passed his discovery to security researcher Patrick Wardle, who had recently uncovered a chain of bugs that could let attackers hijack Macs, so that he could investigate further and contact Apple.
"I expected it would be more complicated if someone abused the notarization system," Wardle said.
"But I'm not surprised that the first one to do this is adware. Adware developers are very innovative and constantly evolving, because if they don't get past new defenses, they're going to lose a ton of money."
Apple was notified of the issue on August 28 and said it revoked the malware's notarization the same day.
"Malware is constantly changing, and Apple's notarization system helps us keep malware off the Mac.
"Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe."
Wardle, however, found Shlayer still alive and kicking two days later, notarized under a different Apple Developer ID. It remains unclear how Shlayer keeps getting past Apple's review process.
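For readers who want to check a suspicious download themselves, the following is an added example written for this article, not code from Apple, from the researchers, or from the Shlayer campaign. It covers two points the article raises: whether a bundle is actually notarized (the Gatekeeper verdict that `spctl --assess` reports on macOS), and which Developer ID team signed it (the `TeamIdentifier` that `codesign -dvvv` prints), which is how one would spot a sample reappearing under a different Developer ID as described above. The sample tool output, the `Example Corp` signer and the `ABCDE12345` team ID are constructed placeholders so that the helpers can be exercised offline; only `assess_bundle` needs macOS.

```shell
#!/bin/sh
# Added example, not from the article: triage a downloaded Mac app.
#   classify_spctl      - map `spctl --assess` output to one verdict word
#   team_id_from_codesign - pull TeamIdentifier= out of `codesign -dvvv` output
#   assess_bundle       - run both live (macOS only; spctl/codesign needed)

# Gatekeeper prints "<path>: accepted" or "<path>: rejected", followed by
# "source=..." lines. "Notarized Developer ID" is the only source that
# means Apple's notarization service actually approved the bundle.
classify_spctl() {
  case "$1" in
    *": rejected"*)                    echo rejected ;;
    *"source=Notarized Developer ID"*) echo notarized ;;
    *"source=Developer ID"*)           echo signed-not-notarized ;;
    *": accepted"*)                    echo accepted-other ;;
    *)                                 echo unknown ;;
  esac
}

# codesign -dvvv writes its report to stderr; the TeamIdentifier line is the
# stable handle for "who signed this" across samples signed by the same account.
team_id_from_codesign() {
  printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Live check. Usage on macOS: assess_bundle /path/to/Downloaded.app
assess_bundle() {
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found; this check only runs on macOS" >&2
    return 2
  fi
  verdict=$(spctl --assess --verbose --type execute "$1" 2>&1)
  team=$(team_id_from_codesign "$(codesign -dvvv "$1" 2>&1)")
  echo "$(classify_spctl "$verdict") team=${team:-none}"
}

# Constructed sample output (placeholder signer, not real Shlayer artifacts),
# in the format spctl and codesign print, so the helpers run without macOS.
SAMPLE_NOTARIZED='/tmp/Sample.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_REJECTED='/tmp/Sample.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_CODESIGN='Executable=/tmp/Sample.app/Contents/MacOS/Sample
Identifier=com.example.sample
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
```

Once Apple revokes a notarization, as it did here, a bundle that previously returned `notarized` will come back `rejected` on an up-to-date Mac, so re-running the check on a retained sample is a cheap way to confirm the revocation landed. Comparing `TeamIdentifier` values between two samples tells you whether a new wave was signed by the same account or, as Wardle observed, by a fresh Developer ID.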