Shlayer malware proves Apple devices aren't as secure as you think

09 Sep 2020

Apple’s notarisation processes, which are supposed to keep Apple software secure, are failing to live up to the company’s supposedly robust security standards, as threat actors abuse notarisation and find ways around it.

Security researchers Patrick Wardle and Peter Dantini exposed the flaws. In a blog post, Wardle says that Apple’s notarisation process is part of the company’s aim to keep macOS malware out of its systems. He states that developers must submit their software to Apple for notarisation before Apple makes it public.

Notarisation is a way to show that Apple has checked the software for malicious components or malware. macOS then blocks (by default) any software that has not been notarised.
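A practical way to see the notarisation status Gatekeeper relies on is Apple’s own `spctl` assessment, whose verbose output names the source of trust for a bundle. The script below is an added example, not code from the article or from the researchers it quotes; it assumes the `source=` lines printed by `spctl --assess --type execute -vv`, and the three sample outputs embedded in it are constructed for illustration rather than taken from real assessments.

```shell
#!/bin/sh
# Added example (not from the article): classify a Gatekeeper/notarisation assessment.
# Assumption: the "source=" lines emitted by `spctl --assess --type execute -vv <bundle>`.

# classify_spctl: read spctl -vv output from stdin and print a one-word verdict.
classify_spctl() {
    out=$(cat)
    case "$out" in
        *": accepted"*)
            case "$out" in
                *"source=Notarized Developer ID"*) echo "notarized" ;;      # ticket present
                *) echo "accepted-other" ;;   # e.g. Mac App Store or a pre-notarisation Developer ID
            esac ;;
        *": rejected"*)
            case "$out" in
                *"source=Unnotarized Developer ID"*) echo "signed-unnotarized" ;; # valid cert, no ticket
                *"source=no usable signature"*)      echo "unsigned-or-invalid" ;;
                *) echo "rejected-other" ;;   # includes a revoked ticket (exact wording is an assumption)
            esac ;;
        *) echo "unknown" ;;
    esac
}

# assess_bundle: run the real check on macOS; elsewhere explain and return 2.
assess_bundle() {
    if command -v spctl >/dev/null 2>&1; then
        spctl --assess --type execute -vv "$1" 2>&1 | classify_spctl
    else
        echo "spctl not found; run this on macOS" >&2
        return 2
    fi
}

# Constructed sample outputs (not real assessments) used to exercise the classifier offline.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)'

SAMPLE_UNNOTARIZED='/Applications/Example.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)'

SAMPLE_UNSIGNED='/tmp/update.app: rejected
source=no usable signature'

# Demo when run with --demo; prints: notarized, signed-unnotarized, unsigned-or-invalid
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_NOTARIZED"   | classify_spctl
    printf '%s\n' "$SAMPLE_UNNOTARIZED" | classify_spctl
    printf '%s\n' "$SAMPLE_UNSIGNED"    | classify_spctl
fi
```

A `notarized` verdict only records that Apple’s automated scan passed when the ticket was issued; as the Shlayer case shows, that ticket can later be revoked, so the check is evidence of provenance rather than proof that the software is safe.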

However, one website, masquerading as the site for the Linux software Homebrew, got around the notarisation requirements to install a nasty version of the OSX.Shlayer malware, packaged to look like an Adobe Flash Player update. Essentially, the malware had Apple’s ‘stamp of approval’.

Wardle says this is the first time he has seen malicious code that has taken advantage of Apple’s notarisation process.

It is likely that the malicious software was submitted to Apple, notarised by Apple, and allowed to run on macOS. Because it was notarised, people would also be more likely to trust the software – and in turn, more likely to install it without checking first.

Wardle reported the issue to Apple, who then revoked the software’s notarisation status.

“Still, the fact that known malware got notarised in the first place, raises many questions,” Wardle says.

Malwarebytes’ director of Mac and mobile, Thomas Reed, says that the code could have contained something that broke Apple’s detection software, or that Apple had no way to detect the threat in the first place. He also says that the Shlayer malware has been around for at least a couple of years.

“Apple wants you to believe that their systems are safe from malware. Although they no longer run the infamous ‘Macs don’t get viruses’ ads, Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity. Macs and iOS devices like iPhones and iPads, for that matter, are not invulnerable, and their built-in security mechanisms cannot protect users completely from infection.”

In summary – just because something is an Apple device, it doesn’t mean it’s safe.

ESET cybersecurity specialist Jake Moore adds that it’s a good reminder that Apple devices are not immune to threats.

“The Mac operating system is targeted less often as there is a higher number of Windows users, which can net more revenue for cybercriminals. However, the fact people don’t think they are vulnerable means they may not install protection, such as antivirus, thus leaving themselves open to more risk.

“It is important people understand that Apple devices are as vulnerable as other devices and Apple users must stay just as vigilant to threats when clicking on links and downloading attachments.”
