
Apple unwittingly authorized this common Mac malware


Apple’s much-celebrated security system has been found to have mistakenly authorized a Mac malware campaign, allowing it to run free on macOS devices.

Since February, Apple has required all applications running on macOS (including apps sourced from outside the official Mac App Store) to be fully vetted before a user can run the executable file.

However, a Shlayer adware campaign managed to circumvent these tightened security filters, despite remaining largely identical to previous known strains.

Mac malware

Apple has long enjoyed a reputation as the manufacturer of the most secure devices around, which have been described as immune to the various cyberthreats facing Windows.

However, while it is technically true that malware designed to target Windows devices cannot run on macOS, Apple devices can still be vulnerable to similar threat types.

In this instance, attackers targeted macOS devices with Shlayer adware, designed to intercept browser queries and feed its own ads into search results, generating significant sums in revenue for its operators.

The Mac malware was previously found to be distributed by over 1,000 websites, each of which disguised the download in a slightly different fashion. At its peak, Shlayer was reportedly present on 10% of all Mac computers.

This latest malware campaign was discovered by college student Peter Dantini, who happened across a Shlayer download hosted on a fake Adobe Flash landing page. He was surprised to learn that macOS did not intervene, as it is designed to do, when he deliberately attempted to activate the download.

Dantini passed his discovery over to security researcher Patrick Wardle - who recently identified a bug sequence that could be used to hijack Mac devices - to investigate further and liaise with Apple.

“I had been expecting that if someone were to abuse the notarization system it would be something more sophisticated or complex,” said Wardle. 

“But in a way I’m not surprised that it was adware that did it first. Adware developers are very innovative and constantly evolving, because they stand to lose a ton of money if they can’t get around new defenses.”

Apple was notified of the issue on August 28 and claims to have withdrawn the malware’s notarization certificate on the same day.

“Malicious software constantly changes, and Apple’s notarization system helps us keep malware off the Mac and allow us to respond quickly when it’s discovered,” said the firm.

“Upon learning of this adware, we revoked the identified variant, disabled the developer account and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”

However, Wardle found that Shlayer was still alive and kicking two days later, notarized using a different Apple Developer ID. It is currently unclear how Shlayer continues to deceive the application vetting process.

Via WIRED

Date: 01 Sep 2020
