Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego.
Notarization is an approval process through which macOS software is scanned before being delivered to users, to identify possible malicious code before it can do any harm. The process was introduced in macOS 10.15 (Catalina) and results in code that lacks this stamp of trust being automatically blocked.
Application developers have the possibility to submit their software to Apple for scanning purposes and have it automatically notarized if deemed malware-free. Users benefit from this added protection on macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur.
In September, security researchers revealed that malware pertaining to the OSX.Shlayer family was able to trick Apple’s security mechanisms into giving it the necessary approval. Some OSX/Bundlore samples also received notarization.
Now, Intego says that Apple also notarized six variants of the OSX/MacOffers (aka MaxOfferDeal) adware. In early October, the identified disk image (.dmg) files and the first-stage Trojan application had no detection in VirusTotal, although a second-stage malicious payload did trigger 4 of the 60 detection engines in the online file analysis platform.
The malware employs steganography to hide payloads within JPEG image files, and Intego believes this might have helped it bypass Apple’s notarization process.
Cracked software appears to have been used for the distribution of this notarized malware.
By including notarized malware into software that was modified to remove restrictions such as registration requirements, cybercriminals ensure that users won’t be alerted when the malicious code reaches their systems. Furthermore, notarized applications can be opened with a simple double-click.
“Therefore, there’s a significantly higher chance that victims will install Trojan horse malware that has sneaked through Apple’s notarization process undetected,” Intego points out.
Related: macOS Adware Delivers Notarized Payloads
Related: Researcher Details Sophisticated macOS Attack via Office Document Macros
More from Ionut Arghire
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- GitHub Rotates Publicly Exposed RSA SSH Private Key
Latest News
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
