
Apple Notarized Malware by Mistake, hackers ran it through third party website



  • Notarized apps are supposed to be safe to open on macOS
  • Threat actors distributed “approved” malware through a look-alike site
  • Apple revoked the signing certificates, but the campaign stayed live with freshly notarized payloads

Apple’s notarization system cleared a piece of malicious software for the macOS ecosystem, allowing attackers to push aggressive adware onto the devices of people visiting a website.

macOS users believe Apple is protecting them from malicious software. The company has often said that it has the most secure operating system, which is true to some extent. Furthermore, since macOS 10.15 Catalina, Apple requires software distributed outside the App Store to be notarized: the developer submits the signed binary to Apple, which runs an automated scan for malicious content and known issues before issuing a ticket. By default, Gatekeeper refuses to open software downloaded from the internet that has not been signed with a Developer ID certificate and notarized, so without going through this system the software will not even launch for most users.

Twitter user Peter Dantini noticed that the website homebrew.sh (a name chosen to resemble the official brew.sh) was running a very aggressive adware campaign. Users will recognize the pattern: the site tries to persuade visitors to install the “latest Flash Player”, a product that has already been phased out, and the installer is actually malware in disguise. Normally, even if the user agrees to install it, Gatekeeper will block the installer because it is not notarized.

Dantini reported the campaign to security researcher Patrick Wardle, who found that the payload the site was trying to run had been notarized. In other words, it had passed Apple’s automated notarization scan, making this the first (known) example of notarized malware.

The installer delivers one of the most common malicious programs on macOS, Shlayer, a trojan downloader that drops various aggressive adware. It is not as harmful as it could be, but the fact that Apple approved it raises serious questions.

“As mentioned, Apple (fast-ish) revoked the Developer Code signing certificate(s) that were used to sign the malicious payloads,” said Wardle. “This happened on Friday, August 28. Interestingly, as of Sunday, August 30, the advertising campaign was still live and served new payloads. Unfortunately, these new payloads are (still) notarized.”
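The distinction Wardle draws (a payload whose certificate has been revoked versus a fresh payload that is still notarized) is exactly what a responder has to establish for a suspicious installer. The shell example below is added here and is not code from the original post or from Wardle’s write-up: it runs Apple’s `spctl` assessment when available and classifies the verdict text. The bundle path, team ID and sample outputs are constructed for illustration; the `source=` strings for notarized, unnotarized and unsigned binaries are the ones `spctl` prints, while the revoked-certificate sample is assumed to carry only the rejection line, since the exact wording varies.

```shell
#!/bin/sh
# Added example, not part of the HOTforSecurity post: classify a Gatekeeper
# assessment of a downloaded app bundle. `spctl --assess --type execute -vv`
# prints "<path>: accepted" or "<path>: rejected" followed by "source=..."
# and "origin=..." lines on stderr.

# gatekeeper_verdict TEXT
#   Parses spctl's output and prints one of:
#     notarized   - accepted with a notarization ticket
#     signed-only - Developer ID signature but never notarized
#     unsigned    - no usable signature
#     rejected    - any other rejection (a revoked certificate lands here)
gatekeeper_verdict() {
    output=$1
    first_line=$(printf '%s\n' "$output" | sed -n '1p')
    source=$(printf '%s\n' "$output" | sed -n 's/^source=//p')
    case "$first_line" in
        *": accepted"*) verdict=accepted ;;
        *": rejected"*) verdict=rejected ;;
        *)              verdict=unknown ;;
    esac
    case "$verdict|$source" in
        "accepted|Notarized Developer ID") echo notarized ;;
        *"|Unnotarized Developer ID")      echo signed-only ;;
        *"|no usable signature")           echo unsigned ;;
        rejected*)                         echo rejected ;;
        *)                                 echo unknown ;;
    esac
}

# assess_app PATH
#   Runs the real Gatekeeper assessment (macOS only) and classifies it.
#   spctl writes the verdict to stderr, so both streams are captured.
assess_app() {
    out=$(spctl --assess --type execute -vv "$1" 2>&1)
    gatekeeper_verdict "$out"
}

# Constructed sample outputs (path and team ID are made up).
SAMPLE_NOTARIZED='/Users/demo/Downloads/FlashPlayer.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_UNNOTARIZED='/Users/demo/Downloads/FlashPlayer.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

SAMPLE_UNSIGNED='/Users/demo/Downloads/FlashPlayer.app: rejected
source=no usable signature'

# Assumed shape for a payload whose certificate Apple has revoked: the
# assessment is rejected even though a Developer ID origin is still present.
SAMPLE_REVOKED='/Users/demo/Downloads/FlashPlayer.app: rejected
origin=Developer ID Application: Example Corp (ABCDE12345)'

# Usage: ./gatekeeper_check.sh /path/to/Installer.app   (on macOS)
if [ "$#" -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    assess_app "$1"
fi
```

On a live system, a result of `notarized` for an installer pushed by a “download Flash Player” page is the signal Wardle describes: the binary passed Apple’s scan, so Gatekeeper alone will not stop it, and the certificate in the `origin=` line is what Apple has to revoke. A result of `rejected` for a sample that was `notarized` the day before is the footprint of that revocation.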

Users should be cautious with sites that want to install software locally, regardless of platform, and a notarization ticket is not proof that a download is benign. Having a security solution installed on your device is also always helpful.

*** This is a syndicated blog post from HOTforSecurity authored by Silviu STAHIE. Read the original post at: https://hotforsecurity.bitdefender.com/blog/apple-notarized-malware-by-mistake-hackers-ran-it-through-third-party-website-24060.html
