Apple apparently unwittingly approved a common piece of malware to run on macOS. That’s according to a new report from cyber-security researchers Patrick Wardle and Peter Dantini, who say that the malware, named ‘Shlayer’, was disguised as an update for Adobe Flash. The software in question is a trojan downloader that anti-virus maker Kaspersky says is the “most common threat” to Macs. It apparently spreads through fake applications and installs adware that is often hard to get rid of.
As per the report, Shlayer was the first malware inadvertently notarized by Apple. Notarization is the process that all Mac apps need to pass in order to run unhindered on macOS. As part of the process, Apple’s ‘Gatekeeper’ security screening software scans every Mac app to detect possible security issues and malicious code. Apps passing the rigorous screening process are allowed to run, while the rest are blocked for good.
However, as it turns out, the process isn’t infallible, and on at least this one occasion it failed to isolate the offending software. According to Wardle, the problem affected not just older versions of macOS, but even the unreleased version of Big Sur, expected out later this year.
Apple initially revoked the notarization of the offending app after a heads-up from Wardle. However, the malicious actors were back soon after with a new payload that once again passed Apple’s notarization process. Apple now claims that it has blocked that second payload as well, preventing the malware from running on Macs in the future.
In a statement to TechCrunch, the company said: “Upon learning of this adware, we revoked the identified variant, disabled the developer account, and revoked the associated certificates. We thank the researchers for their assistance in keeping our users safe.”