Shlayer Mac Adware Slips Past Apple Security, Twice

essidsolutions

Apple has fallen foul of an adware campaign that shatters the belief that macOS is less likely to be infected by malware. A college student found Apple-approved malware: the notorious Shlayer adware, known for pushing fake Adobe Flash Player updates, which was accidentally notarized twice.

Cupertino tech giant Apple landed in hot water after malicious adware accidentally slipped past its security checks.

Last week, Peter H Dantini, a college student, first spotted the Shlayer adware being distributed via homebrew.sh after he accidentally landed on the website. He found that, after several redirects, the webpage would aggressively recommend updates for Adobe Flash Player.

To his surprise, the malicious payload, cloaked as an ‘update’, was not blocked by Apple’s macOS. Affected versions include macOS Catalina and Big Sur. Security researcher Patrick Wardle then alerted Apple about the approved malware, a fake Adobe Flash Player update that could spell trouble for macOS users.

📝 New Blog Post: “Apple Approved Malware”:

Unfortunately we didn’t have to wait long before hackers found a way to (ab)use Apple’s new notarization service to get their malware approved! 😭

Have a read! 👀 pic.twitter.com/XKYHhUyd3l

— Objective-See (@objective_see) August 31, 2020

Once the malware was reported to Apple, the company quickly revoked the code-signing certificate(s) used to sign the malicious payloads. Reportedly, two days after Apple revoked the notarization certificates, the adware surfaced again, notarized under a different Apple Developer ID.

Apple introduced an automated security screening process called ‘notarization’ in 2019 to ward off malicious software targeting macOS users. The stringent process has largely kept threat actors at bay since it was introduced, even as attacks against Apple’s OS surged. According to a 2019 Kaspersky report, nearly 6 million phishing attacks on macOS users were detected in the first half of that year. The report highlights that a majority of threats hitting macOS in 2019 fall into the adware category, with Shlayer, the macOS malware that masquerades as Adobe Flash Player, as the key culprit.


Great work by @patrickwardle. Lessons learned:

👾macOS is not immune to malware – you are probably underestimating this risk
📈Non-Windows threats are demonstrably on the rise
🛡️Stay ahead of the game: defend your non-Windows assets with the same rigour

— Wietze (@Wietze) August 31, 2020

Shlayer is deemed one of the most dangerous Mac adware families, slipping additional payloads onto infected systems. Not only can Shlayer intercept web traffic and replace it with ads, but it can also alter system configurations and preferences. Mac security researcher and Director of Mac and Mobile at Malwarebytes Labs Thomas Reed explains, “Adware and PUPs can actually be far more invasive and dangerous on the Mac than ‘real’ malware. They can intercept and decrypt all network traffic, create hidden users with static passwords, make insecure changes to system settings, and generally dig their roots deep into the system so that it is incredibly challenging to eradicate completely.”

A spokesperson for Apple told TechCrunch, “Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered. Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”
