Six malicious apps that posed as Adobe Flash Player have bypassed Apple's app notarisation process for the second time in the past six weeks, according to Joshua Long, Chief Security Analyst at Mac security software maker Intego.
Once installed, the apps would download and install the OSX/MacOffers malware. The virus uses a technique that hides the malicious payload within a separate JPEG image file, which is why it slipped past Apple’s notarisation process.
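The article does not say how the payload was embedded in the JPEG; one common way is simply to append data after the image's end-of-image marker, which most image viewers ignore. The check below, an added example that is not from the article or from Intego, walks the JPEG marker structure so that an FF D9 byte pair inside a comment segment is not mistaken for the real end of the image, and returns whatever follows the true end-of-image marker. The sample image is constructed inline and is not decodable picture data; it only exercises the marker walk.

```python
import struct

SOI = b"\xff\xd8"  # start of image
EOI = b"\xff\xd9"  # end of image


def jpeg_trailing_data(data: bytes) -> bytes:
    """Return the bytes that follow the JPEG end-of-image marker (b"" if none).

    Walks marker segments rather than searching for FF D9, because that byte
    pair can legitimately appear inside segment payloads such as comments.
    """
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data) - 1:
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker, allowed by the spec
            pos += 1
            continue
        if marker == 0xD9:          # genuine EOI: everything after it is trailing data
            return data[pos + 2:]
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                # standalone markers carry no length field
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + length           # skip marker and its length-prefixed payload
        if marker == 0xDA:          # SOS: entropy-coded data runs until the next real marker
            while pos < len(data) - 1:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break           # stuffed 0x00 and RSTn markers belong to the scan
                pos += 1
    raise ValueError("no EOI marker found")


def naive_trailing_data(data: bytes) -> bytes:
    """The shortcut a quick script might take: stop at the first FF D9 anywhere."""
    idx = data.find(EOI)
    return data[idx + 2:] if idx >= 0 else b""


def build_sample_jpeg(trailer: bytes) -> bytes:
    """Constructed minimal JPEG skeleton (constructed for this example, not a real photo).

    Includes a COM segment whose payload contains FF D9 on purpose, plus a scan
    with a stuffed byte and a restart marker, so both parsers are exercised.
    """
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    com = b"\xff\xfe" + struct.pack(">H", 6) + b"x\xff\xd9y"      # fake EOI inside a comment
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"                     # stuffed FF 00 and RST0
    return SOI + app0 + com + sos + scan + EOI + trailer


def scan_file(path: str) -> int:
    """Return the number of bytes appended after EOI in the JPEG at `path`."""
    with open(path, "rb") as fh:
        return len(jpeg_trailing_data(fh.read()))


if __name__ == "__main__":
    clean = build_sample_jpeg(b"")
    tainted = build_sample_jpeg(b"constructed-appended-payload")
    print("clean image trailing bytes:", len(jpeg_trailing_data(clean)))
    print("tainted image trailing bytes:", len(jpeg_trailing_data(tainted)))
    print("naive check on clean image:", len(naive_trailing_data(clean)), "bytes (false positive)")
```

A non-empty result is a prompt for a closer look, not proof of malware: cameras and editors sometimes leave harmless bytes after EOI, so a defender would pair this with the file's origin and a content scan of whatever trails the image.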
Apple notarisation is a security protection system introduced earlier this year. Mac software developers submit their apps to Apple, where an automated system scans the software for malicious content and checks for code-signing issues, with the aim of assuring users that Developer ID-signed software has been checked by Apple.
If the software appears to be malware-free, Apple notarises the app and places it on the whitelist inside the Apple Gatekeeper security service. Once an app is notarised, it becomes much easier for users to run it on macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur.
This increases the chances of a victim installing Trojan horse malware that sneaked through the security process undetected. This marks the second incident of Apple notarising Mac malware samples; the first known incident occurred in late August.
Mac malware researcher Matt Muir discovered the first sample while hunting for malware that removes registration requirements or other restrictions that limit software functionality.
Long said nobody should trust any site that prompts them to download or update Flash. Malware makers often succeed with fake Flash installers because many users are unaware that Adobe plans to discontinue security updates for the real Flash Player at the end of this year, and that browsers have already dropped support for Flash Player or disable it by default.
“Never install Flash Player if you’re prompted to; it’s a telltale sign of malware,” Long mentioned.
Apple has revoked the malware developer's known certificate, but that won't necessarily help Macs that have already been infected.