Signing malware with Apple developer certificates, not only it is easy to do, but became a standard practice for macOS malware developers and that’s one of the reasons why Gatekeeper and XProtect are failing to stop this malware: it is signed. Indeed, that’s not the official Adobe installer but a fake Flash Player installer that was signed using an Apple developer certificate 2L27TJZBZM issued probably to a fake identity named : Fajar Budiarto Today’s OSX/Shlayer is still delivered through bad ads, thanks to Confiant real-time Malvertising tracking platform, we stumbled upon a malicious Advertiser who redirects victims matching certain criteria (coming from certain countries, or using macOS computers) to the following landing page, offering yet another fake Adobe Flash Player update:
Osx names of all adobe apps torrent#
First discovered in 2018, OSX/Shlayer came via a fake Flash Player updater appearing in bitTorrent file sharing websites when a user attempts to select a link to copy a torrent magnet link. OSX/Shlayer has been a very common macOS malware this year, most of the time delivered through bad ads. All these little things might convince any threat actor to look after Apple devices, and include them into the scope of targets. Finally, Apple devices are trendy, sometimes considered as a wealth indicator, or simply becoming more useful in millions of people’s everyday life. Weak malware built-in security features: macOS ships with GateKeeper and XProtect, but both of these protections can be by-passed by new malware.
Cyber criminals, APT groups, nation state actors, are extensively targeting Apple iOS/MacOS devices for various reasons: continuous innovation and development of Apple platforms leads ultimately to new attack surfaces (and more 0-days sold in the underground). MacOS malware is becoming a serious threat to mac users.
0 kommentar(er)
