In September 2020, we reported that the Shlayer malware successfully passed the notarization process and was able to run on any Mac running macOS Catalina and newer.
Apple introduced this security mechanism in February this year: any Mac software distributed outside the App Store must pass the notarization procedure so it can run on macOS Catalina and above. In practice, any software for Mac now has to go through an automated scan at Apple for malware and code signing issues. If the checks are passed, the application is whitelisted and Gatekeeper allows it to launch and install on the system without any problems.
Unfortunately, as with Bouncer (an automated security system that scans Android apps before they are uploaded to the Google Play Store), Apple's app notarization process doesn't work perfectly either. In total, more than 40 notarized applications infected with the Shlayer Trojan and BundleCore adware have already been discovered.
Now, researcher Joshua Long of Intego says he has identified six more malicious applications that have successfully passed the notarization procedure.
All six "products" found pretended to be Flash installers, but in fact downloaded OSX/MacOffers adware onto victims' machines, which, in particular, interferes with the operation of the search engine in the user's browser.
The expert writes that Apple revoked the developer's certificate for this malware before Intego specialists had time to complete their investigation. It is unclear how Apple discovered these applications: perhaps the company received a warning from another cybersecurity researcher, or one of the affected Mac users notified the company of what was happening.
As Adobe, along with other companies, plans to permanently phase out Flash support in late 2020, Long has once again urged users to stop downloading Flash installers, which are usually malicious.