Malware creators have managed to get malicious apps posing as Adobe Flash installers through Apple's app notarization process for the second time this year. App notarization is a security protection officially released by Apple earlier this year. It is a process that requires Mac application developers to submit their applications to Apple for a series of automated security scans that check for malware or other malicious code patterns.
Applications that pass the scans are marked "notarized", which means they are added to an allowlist within Apple's Gatekeeper security service. Once added to the Gatekeeper allowlist, notarized apps can be opened and installed with a single click, without warnings or pop-ups. App notarization is mandatory for all applications that want to run on newer releases of Apple's macOS, such as Catalina and Big Sur.
The notarization process was accepted by users and developers because it removed some of the friction of installing macOS applications. However, like Bouncer, the automated security system that scans Android applications before they are uploaded to the Google Play Store, the Apple app notarization process was never expected to be perfect.
The first malicious apps that managed to pass the notarization process and get onto the allowlist in newer versions of macOS were discovered at the end of August. In total, 40 applications were infected with the Shlayer trojan and the BundleCore adware.
In a report released last week, Joshua Long, chief security analyst for security software maker Intego, said his company had discovered six new applications that had passed the notarization process. Long told ZDNet that the six notarized apps posed as Flash installers. Once installed, the applications download and install the OSX/MacOffers adware, which is known for modifying the search engine in the victim's browser.
It is unknown at this time what he will do after leaving the post. However, it is speculated that he may have received a warning from another malware researcher, or perhaps from a Mac user who came across this malicious activity.
As Adobe is retiring Flash at the end of the year, Long urges users to stop downloading and installing Flash installers.