قالب وردپرس درنا توس
Home / Tips and Tricks / Apple accidentally listed malware as safe software for macOS – Review Geek

Apple accidentally listed malware as safe software for macOS – Review Geek



A blurry MacBook Pro
Goran Bogicevic / Shutterstock

Last year Apple asked all third-party macOS developers to submit software for notarization. The process scans an app for malicious components and then adds a flag that indicates that Apple did not find anything when a user tried to open it. If your software is not notarized, macOS Catalina will not run. That all sounds good, but then Apple accidentally notarized malware disguised as a Flash Update program.

Security researcher Patrick Wardle reports that Apple has notarized an app that contains malware called Shlayer. Shlayer works like a Trojan horse and spreads through fake programs to flood users with adware. In this case, the software looks like a Flash updater, but replaces websites (including from encrypted sources) and advertisements with its own advertisements.

According to Wardle, Shlayer is the most widespread form of malware on macOS. So it̵

7;s a bit surprising that Apple’s scans didn’t detect this. But as Wardle notes, Schlayer’s developers are pretty good at deploying the malware in novel ways to bypass Catalina’s security.

Wardle reported his results to Apple, which in turn revoked the certification and the developer accounts involved. It didn’t take long for the Shlayer developers to release yet another payload that gained re-certification. Wardle has already reported this variant to Apple and has been blocked since then. The game of cat and mouse will likely go on for a long time.

via TechCrunch




Source link