Hackers are constantly looking for ways to trick victims into sneaking malicious software. It is true that we also have better and more capable tools to protect ourselves, but new techniques are always emerging that can compromise us. Today we echo a news story that reports on how they managed to trick Apple into trusting what was actually malware .
Apple has trusted a malware
These are specifically malicious Shlayer applications . Those responsible for this threat have managed to trick Apple into being part of the certification, into indicating that it is actually something safe.
As we know, for a few months all software that comes in from outside the official Mac App store must be certified by Apple. One way to avoid the entry of malware, to ensure that any program that a user installs will be reliable and will not be a threat.
It basically works in a way that software developers send their code to the macOS platform so that they use this service from Apple to verify that it is really safe . It is an automated system that scans software for code that may be malicious and be a danger to users.
Once this software has passed the verification process, it can be installed by users on the system. It becomes, in short, a safe program that Apple trusts and allows it to be installed.
This is what happened to malicious Shlayer applications. They have managed to trick Apple into considering it legitimate, secure, and allow users to install it without any problem.
The verification process has failed
This has shown that the process to verify whether a software is safe or not has failed. It has accepted something that is actually malware as safe, so users have been able to install it thinking that it is something legitimate, something reliable, but that it could have affected security and privacy.
These Shlayer threats, which were specifically adware, could have been installed on any device with macOS without the system blocking it and pointing it out as a security threat.
Logically this has allowed the hackers behind this malware to sneak malicious payloads. It affects users with macOS Catalina, but also those who use the macOS 11.0 Big Sur version.
As they had Apple’s seal of approval , users did not hesitate to install it. They saw it as something reliable and that it was not going to cause problems.
The security researchers who discovered the problem alerted Apple and immediately revoked that security certificate.
Keep in mind that Shlayer is one of the most common threats at Apple. In fact, according to a Kaspersky report from January this year, it attacks more than 10% of all computers that use this system.
All this means that we must always take precautions when browsing the net. It does not matter what operating system we are using. Common sense must always prevail, have security tools and of course have updated systems. We leave you an article with tips to avoid the entry of malware.