Apple Notarizes Six Malicious Apps Posing As Flash Installers


Malware authors have managed to pass malicious apps through the Apple app notarization process for the second time this year and the second time in the past six weeks.

App notarization is a recent security protection formally introduced by Apple earlier this year.

It is a process that requires Mac app developers to submit their apps to Apple for a series of automated security scans that check for malware or other malicious code patterns.

Apps that pass through the scans are "notarized," meaning they are added to a whitelist inside the Apple Gatekeeper security service.

Once added to the Gatekeeper whitelist, notarized apps can be opened and installed with a simple click, without any warnings or popups.

App notarization has been mandatory for all apps that want to run on Apple's newest macOS releases, like Catalina and Big Sur.

The notarization process has been warmly received by both app users and developers, as it removed some of the friction of installing apps on macOS.

First wave of notarized malware

However, similar to Bouncer, the automated security system that scans Android apps before they are uploaded on the Google Play Store, Apple's app notarization process was never expected to be perfect.

The first malicious apps that managed to pass through the notarization process and get whitelisted on newer versions of macOS were discovered at the end of August.

In total, 40 apps passed through, apps that were infected with the Shlayer trojan and the BundleCore adware.

Second wave of notarized malware

But in a report published this week, Joshua Long, Chief Security Analyst for Mac security software maker Intego, said his company discovered six new apps that passed through the notarization process.

The six notarized apps posed as Flash installers, Long told ZDNet today. Once installed, the apps would download and install the OSX/MacOffers adware.

"OSX/MacOffers is best known for modifying the search engine in the victim's browser," Long told ZDNet.

Long said the six apps have now been de-notarized.

"Apple revoked the developer certificate while the malware was under investigation, before we had a chance to report it to Apple," Long told us.

"It's unclear how Apple became aware of it; perhaps they might have gotten a report from another researcher investigating the malware, or perhaps from a Mac user who encountered it in the wild."

With Adobe set to retire Flash at the end of the year, Long urged users to stop downloading and installing Flash installers.
