Apple’s security check fails second time in six weeks

Once installed, the apps would download and install the OSX/MacOffers malware.

Updated - October 26, 2020 05:34 pm IST

Published - October 26, 2020 05:28 pm IST

Malicious apps bypass Apple security checks second time in six weeks.

Six malicious apps that posed as Adobe Flash Player have bypassed Apple’s app notarisation process for the second time in the past six weeks, according to Joshua Long, Chief Security Analyst at Mac security software maker Intego.

Once installed, the apps would download and install the OSX/MacOffers malware. The virus uses a technique that hides the malicious payload within a separate JPEG image file, which is why it slipped past Apple’s notarisation process.

Apple notarisation is a security protection system introduced earlier this year. Mac software developers submit their apps to Apple. An automated system scans software for malicious content and checks for code-signing issues with an aim to assure users that the Developer ID-signed software has been checked by Apple.

If the software appears to be malware-free, Apple notarises the app and places it in the whitelist inside the Apple Gatekeeper security service. After an app is notarised, it becomes much easier for users to run the app on macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur.

This increases the chances of a victim installing Trojan horse malware that sneaked through the security process undetected. This marks the second incident of Apple notarising Mac malware samples, after the first known incident occurred in late August.

Mac malware researcher Matt Muir discovered the first sample while hunting for malware that removes registration requirements or other restrictions that limit software functionality.

Long said nobody should believe any site that prompts them to download or update Flash. Most malware makers are able to succeed with Flash installers since many users are unaware that Adobe plans to discontinue security updates for the real Flash Player at the end of this year, and that browsers have already dropped support for Flash Player or disabled it by default.

“Never install Flash Player if you’re prompted to; it’s a telltale sign of malware,” Long mentioned.

Apple has revoked the malware developer’s known certificate but it won’t necessarily help Macs that have already been infected.
