For decades, Mac users had to worry less about malware than their Windows-using counterparts, but over the last few years that's begun to change. In an attempt to crack down on growing threats like adware and ransomware, in February Apple began "notarizing" all macOS applications, a vetting process designed to weed out illegitimate or malicious apps. Even software distributed outside of the Mac App Store now needs notarization, or users wouldn't be able to run them without special workarounds. Seven months later, though, researchers have found an active adware campaign attacking Mac users with the same old payloads—and the malware has been fully notarized by Apple.
The campaign is distributing the ubiquitous "Shlayer" adware, which by some counts has affected as many as one in 10 macOS devices in recent years. The malware exhibits standard adware behavior, like injecting ads into search results. It's not clear how Shlayer slipped past Apple's automated scans and checks to get notarized, especially given that it's virtually identical to past versions. But it's the first known example of malware being notarized for macOS.
College student Peter Dantini discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew. Dantini accidentally typed something slightly different than brew.sh, the correct URL. The page he landed on redirected a number of times to a fake Adobe Flash update page. Curious about what malware he might find, Dantini downloaded it on purpose. To his surprise, macOS popped up its standard warning about programs downloaded from the internet, but didn't block him from running the program. When Dantini confirmed that it was notarized, he sent the in ..
Support the originator by clicking the read the rest link below.
