Malicious Apps Repeatedly Bypassed Apple App Notarization


Researchers found repeated successful attempts by criminals to bypass Apple’s app notarization, a security check for apps distributed outside the Mac App Store. At least six malware-containing apps successfully bypassed app notarization in a recent wave.

App Notarization Bypassed

Reportedly, researchers from Intego, a security firm focused on Apple products, have found at least two waves of malicious apps that bypassed Apple’s app notarization process.

Briefly, Apple launched ‘App Notarization’ earlier this year as an additional check for Mac apps distributed outside the Mac App Store. It’s an automated app scanning process (not to be confused with App Review) that notarizes apps it deems safe. Such notarized apps then easily pass through the Apple Gatekeeper check before download.

In this way, users can trust the safety of the app given Apple’s notarization.

However, Intego recently found that multiple malicious apps have bypassed app notarization quite easily.

First, in late August 2020, they disclosed dozens of notarized apps containing malware related to the OSX/Bundlore and OSX/Shlayer families.

More recently, they shared details about another wave of such malicious notarized apps. This time, the Mac apps contained malware from the OSX/MacOffers (aka MaxOfferDeal) family.

As explained in their post, they found six different apps that initially had a 0% detection rate on VirusTotal. Even later, the apps had a very low detection rate.

These apps employed steganography that potentially helped the apps bypass notarization.

What To Do?

Apple already revoked the Developer ID used for notarizing the malicious apps.

However, researchers fear that bypassing app notarization may continue to be a problem, because cybercriminals would likely employ different techniques to evade malware detection.

Perhaps we already witness such bypass attempts on Android as well, where apps easily bypass Play Protect.

Thus, the onus to remain safe eventually falls to the end-users again, especially while downloading apps from third-party sources.
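As an added example (not from the original article, Intego, or Apple), the shell function below triages the text that macOS's `spctl -a -vv <app>` prints, treating "notarized" as a reason to review rather than to trust and honouring a local denylist of Developer ID team IDs. The function names, the denylist file, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads the text printed by `spctl -a -vv <app>` on stdin and
# prints a triage decision. $1 is a defender-maintained file of Developer ID
# team IDs to block, one per line (hypothetical local denylist).
classify_assessment() {
    denylist=$1
    verdict="" src="" team=""
    while IFS= read -r line; do
        case $line in
            *CSSMERR_TP_CERT_REVOKED*) verdict=revoked ;;
            *": accepted") verdict=accepted ;;
            *": rejected") verdict=rejected ;;
            source=*) src=${line#source=} ;;
            # Team ID is the parenthesised suffix of the origin line.
            origin=*"("*")") team=${line##*\(}; team=${team%\)} ;;
        esac
    done
    if [ "$verdict" = revoked ]; then
        echo "BLOCK revoked-certificate"
    elif [ "$verdict" != accepted ]; then
        echo "BLOCK not-accepted"
    elif [ -n "$team" ] && [ -f "$denylist" ] && grep -qxF "$team" "$denylist"; then
        echo "BLOCK denylisted-team $team"
    elif [ "$src" = "Notarized Developer ID" ]; then
        # Notarized only means Apple's automated scan passed; still review.
        echo "REVIEW notarized team=$team"
    else
        echo "REVIEW ${src:-unknown-source}"
    fi
}

# Constructed sample of spctl output for a notarized app (not real data).
sample_assessment() {
    cat <<'EOF'
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)
EOF
}

# On macOS: spctl -a -vv /Applications/Example.app 2>&1 | classify_assessment denylist.txt
```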

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
