Apple had apparently unwittingly approved a common piece of malware to run on macOS. That’s according to a new report from security researchers Patrick Wardle and Peter Dantini, who say that the malware, named ‘Shlayer’, was disguised as an update for Adobe Flash. The software in question is a trojan downloader that anti-virus maker Kaspersky says is the “most common threat” to Macs. It reportedly spreads through fake applications and installs adware that is often hard to remove.
According to the report, Shlayer is the first malware known to have been inadvertently notarized by Apple. Notarization is the process that Mac apps must pass in order to run unhindered on macOS. As part of the process, Apple’s ‘Gatekeeper’ security screening software scans every Mac app for possible security issues and malicious code. Apps that pass the screening are allowed to run, while the rest are blocked.
However, as it turns out, the process isn’t infallible and, on at least this one occasion, failed to isolate the offending software. According to Wardle, the problem affected not just older versions of macOS but also the unreleased Big Sur, expected to ship later this year.
Apple initially revoked the notarization of the offending app after a heads-up from Wardle. However, the malicious actors soon returned with a new payload that once again passed Apple’s notarization process. Apple now says it has blocked that second payload as well, which should prevent the malware from running on Macs in future.
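Because Apple revokes notarization after the fact, an app that was accepted when installed can fail the Gatekeeper check later. The script below is an added example, not code from the article or from Apple: it wraps the macOS `spctl --assess` command (which reports whether Gatekeeper would allow a bundle to run) in a small audit of installed apps; the sample output strings are constructed to resemble spctl’s format and are not real captures.

```shell
#!/bin/sh
# Added example (not from the article): audit installed .app bundles against
# the Gatekeeper/notarization check. spctl is macOS-only; the sample output
# strings below are constructed to mimic its format, not real captures.

# classify_spctl OUTPUT -> notarized | accepted-unnotarized | rejected | unknown
classify_spctl() {
    case "$1" in
        *": accepted"*)
            case "$1" in
                *"source=Notarized Developer ID"*) echo notarized ;;
                *) echo accepted-unnotarized ;;
            esac ;;
        *": rejected"*) echo rejected ;;
        *) echo unknown ;;
    esac
}

# assess_app PATH -> classification of one bundle (requires macOS spctl)
assess_app() {
    if ! command -v spctl >/dev/null 2>&1; then
        echo unknown
        return 1
    fi
    classify_spctl "$(spctl -a -vv -t exec "$1" 2>&1)"
}

# audit_apps DIR -> prints every bundle that is not currently notarized, so a
# retroactive revocation like the one in the article shows up on installed apps
audit_apps() {
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        status=$(assess_app "$app")
        [ "$status" = notarized ] || printf '%s\t%s\n' "$status" "$app"
    done
}

# Constructed sample outputs in spctl's format (not real captures)
SAMPLE_NOTARIZED='/Applications/Good.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID)'
SAMPLE_REJECTED='/Applications/Bad.app: rejected
source=Unnotarized Developer ID'

# On a Mac, audit /Applications; elsewhere only the parser can be exercised.
if command -v spctl >/dev/null 2>&1; then
    audit_apps /Applications
fi
```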
In a statement to TechCrunch, Apple said: “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe”.