The creators of the Shlayer malware for Mac managed to get their payloads through Apple's checks.
Since February 2020, all Mac software distributed outside the Mac App Store must be signed by Apple to run on macOS Catalina or later.
The signing procedure requires developers to submit the software they created for the macOS platform for scanning through Apple's service, an automated system designed to scan software for both malware and code signing issues.
If they pass this automated security check, applications will be accepted by macOS Gatekeeper, a macOS security feature that verifies whether downloaded applications have been checked for malicious content before allowing them to run on the system.
According to Apple, if there is ever a problem with an app, the company immediately stops new installations and is also able to prevent the app from starting.
Although the company says that software signed for macOS is designed to give users more security, Peter Dantini discovered last week that Apple was tricked by the Shlayer malware.
He discovered that the Shlayer adware is distributed through a fake and malicious page and could run on any Mac device running macOS Catalina without being automatically blocked.
This is why the adware was able to load its payload on its victims' devices.
https://twitter.com/PokeCaptain/status/1300440938301607939
After Wardle reported the malware samples to Apple, the company reacted immediately and revoked the certificates (meaning the samples will be automatically stopped by Gatekeeper) on the same day, August 28th.
Although some Mac users believe that malware only targets Windows and that Mac devices are secure, Shlayer attacks 10% of all Mac devices, according to a January 2020 report by Kaspersky.
Shlayer was first spotted by Intego's research team and was distributed in February 2018, disguised as a fake Adobe Flash Player installer like many other malware campaigns targeting the macOS platform.