Apple Accidentally Approved Malware to Run on macOS
In February, Apple began notarizing all macOS applications, an extensive vetting process designed to weed out malicious apps. All software distributed outside of the Mac App Store now requires notarization, or it will be unable to run on devices. However, researchers have discovered an active adware campaign that has been fully notarized by Apple. The campaign attacks Mac users with known payloads, compromising devices and sneaking past Apple’s mitigation efforts.
The campaign involves the distribution of the Shlayer adware, which has potentially affected as many as one-tenth of macOS devices over the past few years. The malware exhibits standard adware behavior, performing functions such as injecting advertisements into search results. The Shlayer malware used in the campaign is nearly identical to past versions, raising questions as to how it passed through Apple’s notarization process. The campaign represents the first known example of notarized malware for macOS.