macOS Adware Delivers Notarized Payloads

2020-09-02 16:59

A recently identified adware campaign targeting macOS users is leveraging malicious code that has received Apple's approval.

The approval, or notarization, as Apple calls it, is an automated process through which software is scanned before reaching macOS users, to ensure that it does not include malicious code.

Apple introduced notarization following an increase in both volume and sophistication of macOS malware, aiming to provide users with increased confidence in a platform that once was being touted as free of malware affecting PCs. The adware campaign that Twitter user Peter Dantini found on the website homebrew.

Wardle has shared his findings with Apple, which revoked the certificates issued for the notarized payloads, meaning they would no longer be allowed to run on macOS. Several days after that the campaign was still actively delivering new notarized payloads, which were signed on Friday, August 28, likely after Apple took steps to block the old payloads.

"The attackers' ability to agilely continue their attack is noteworthy. Clearly in the never ending cat & mouse game between the attackers and Apple, the attackers are currently winning," Wardle concludes.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/7UtS69-nQeo/macos-adware-delivers-notarized-payloads

#adware #macos