Apple is known for its tight security measures to prevent malicious software from landing in its app store. However, security researchers found that Apple’s macOS app notarization process inadvertently approved a malware disguised as an Adobe Flash installer.
What is Notarization?
Apple introduced the notarization process to ensure that their apps are malware-free. In notarization, app developers are required to submit their apps to a scanning process to detect for any malicious codes or other security issues. If an app does not pass notarization, it gets blocked by the built-in security function.
A Fail in Notarization
Mac security researcher Patrick Wardle discovered samples of the Shlayer adware that are notarized by Apple. The Flash installer adware campaign, which featured a malicious code, was not blocked by the built-in security function. The installer would run and download its payload on the device if a user clicks on it.
It is stated that the code could have been modified to pass or break the detection that Apple might have had for this adware. Wardle’s discovery led Apple to revoke the notarized payload and disable the developer account to further prevent the malware from running on Mac computers.
Malware on App Store
Avast, a maker of digital security and privacy products, recently discovered and reported three fleeceware apps to Apple’s App Store, which overcharge users, do not provide the services they promote and appear to be fleeceware. The apps are available on the Apple App Store as Beetle VPN, Buckler VPN, and Hat VPN Pro, and according to data from Sensor Tower, a mobile apps marketing intelligence and insights company, the apps have been downloaded over 420K, 271K, and 96K times, respectively, between April 2019 and May 2020. A fleeceware has a characteristic of overcharging users for functionality that is widely available in free or low-cost apps.