Known malicious software was accidentally approved for macOS, allowing users to run the malicious app without triggering any security warnings or blocking.
Apple has a rigorous process for ‘notarizing’ apps, a process that, according to TechCrunch, “scans an app for security issues and malicious content.” If the app passes, Gatekeeper, the Mac’s security screening software, lets the app run. If it doesn’t pass, Gatekeeper will block the app, even if a user installed it on their device.
However, security researchers have found a new malware campaign, disguised as a Flash Installer, that was notarized by Apple and allowed to run on devices. The malware is a form of adware that replaces site and search results with its own ads (even intercepting HTTPS sites) in order to make money via ad fraud. It’s not particularly damaging, but it is annoying at the least and might hinder your device as the malware works in the background.
While Apple revoked the notarization status of the malware and disabled the developer account, researchers found that the same attackers were already back with “a new, notarized payload,” meaning they could infect users’ devices again.
We recommend staying away from Flash Installers if at all possible. Flash is hardly ever used or needed and is famously known for carrying malicious code and software. While this adware is relatively mild, more dangerous malware may make its way onto your device through a Flash Installer, so you’re better off avoiding them.
To learn more about Apple’s notarization process and the malware that was allowed through, visit TechCrunch.