If a few days ago we told you that Malware had appeared in the developer application and that it could reach the Mac App Store, today we tell you that, there is one running, which has been able to bypass the security barriers imposed by Apple. security researchers Peter Dantini and Patrick Wardle found that Apple notified a popular malware that was hiding inside a Flash Player update.
Although macOS is a very secure system, the weakest part of the equation is the user. If we only downloaded applications from the Mac App Store, we would have a relatively safe computer. However, it is very common to download programs from the Web and there the vulnerability increases and Apple's defense process decreases. Although applications are obliged to notarize, it may be that malware hides somewhere, as has happened.
Apple had approved the code used by the popular Shlayer malware, which according to security firm Kaspersky is the "most common threat" faced by Macs in 2019. Shlayer is a type of adware that intercepts encrypted web traffic, including HTTPS-enabled sites. Replace them by adding your own ads, generating fraudulent ad money for operators.
It is not too dangerous, but it is very annoying and Apple does not want Mac owners to suffer its consequences. Wardle said Apple did not detect the malicious code when it was submitted and approved to run on Mac. Even in the unreleased beta version of macOS Big Sur, which is expected to come out later this year.
Apple has already put a solution, even if it is temporary, to this malware. Apple's notarization system helps keep malware off the Mac and allows you to respond quickly when discovered. Upon learning about this adware, the identified variant was revoked, the developer account was disabled, and the associated certificates were revoked.
The problem is that malicious software is constantly changing and it seems that it again seems to be available. So Apple must perform the same operation again, until you find the key to completely disable it.
