

For decades, Mac users had to worry less about malware than their Windows-using counterparts, but over the last few years that's begun to change. In an attempt to crack down on growing threats like adware and ransomware, in February Apple began "notarizing" all macOS applications, a vetting process designed to weed out illegitimate or malicious apps. Even software distributed outside of the Mac App Store now needs notarization, or users wouldn't be able to run it without special workarounds.

Seven months later, though, researchers have found an active adware campaign attacking Mac users with the same old payloads, and the malware has been fully notarized by Apple. The campaign is distributing the ubiquitous "Shlayer" adware, which by some counts has affected as many as one in 10 macOS devices in recent years. The malware exhibits standard adware behavior, like injecting ads into search results.

It's not clear how Shlayer slipped past Apple's automated scans and checks to get notarized, especially given that it's virtually identical to past versions. But it's the first known example of malware being notarized for macOS. College student Peter Dantini discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew. Dantini accidentally typed something slightly different than brew.sh, the correct URL. The page he landed on redirected a number of times to a fake Adobe Flash update page. Curious about what malware he might find, Dantini downloaded it on purpose. To his surprise, macOS popped up its standard warning about programs downloaded from the internet, but didn't block him from running the program.
