Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.
Shlayer, a Trojan that infects up to one in 10 of all global MacOS systems, received a huge leg up in its infection campaign when Apple blessed an infected application as "safe" and gave it a place in the App Store.
Peter Dantini, a college student, initially discovered the signed software through a mistake in typing the URL for "Homebrew," a macOS package manager.
Dantini contacted Patrick Wardle, principal security researcher at Jamf, who confirmed the find and notified Apple on Aug. 28. Apple revoked the application's certificate the same day, but Wardle found Shlayer signed with a different Apple Developer ID on Aug. 30 and once again notified Apple.
Apple's "walled garden" has developed a reputation for keeping users safe from malicious applications. While the system has historically worked well, any application that slips through the system's defenses can quickly spread since relatively few macOS users see the need for anti-malware software.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024