In recent years, threats to Apple computers have gone mainstream, and cybercriminals are doing everything they can to exploit publicly disclosed vulnerabilities.
The Shlayer malware was recently found abusing a serious macOS vulnerability to download second-stage malicious payloads after bypassing Apple's Gatekeeper, Notarization, and File Quarantine security checks. The logic flaw, reported by a security researcher, lay in the security systems of the operating system itself.
- Strategically designed by the attackers, the malware tricks macOS into allowing it to run even though it did not pass the safety checks.
- The researcher classified this as the most dangerous macOS phishing payload, since the victim only has to extract the seemingly benign .dmg or .zip file and double-click the payload.
- Additionally, the vulnerability can cause specific apps to be misclassified, leading the policy engine to bypass essential security logic.
Other similar macOS threats
- A security flaw in the official Homebrew Cask repository was recently diagnosed and patched; it could have been exploited to execute arbitrary code on target machines with Homebrew installed.
- Web-browserify, a new malicious package, was discovered in the npm registry; it targeted NodeJS developers on macOS.
- Threat actors were also found propagating the XcodeSpy malware to infect macOS systems.
Apple has fixed the zero-day in macOS Big Sur 11.3. Users are therefore urged to update to the latest version so that Gatekeeper can block this payload. Shlayer operators are notorious for finding ways to achieve their objectives, so it is up to users to stay out of reach of this malware.
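As an added example (not part of the eScan post), the following POSIX shell script turns the advice above into a check an administrator can run across a fleet: it compares the host's macOS version against 11.3, the fix version the post cites, and confirms that Gatekeeper assessment is still enabled. It assumes the standard sw_vers and spctl tools; on a non-macOS host it only defines the functions.

```shell
#!/bin/sh
# Added example: host check for the fix version named in the post (Big Sur 11.3)
# and for Gatekeeper being enabled. Not code from eScan or Apple.

# version_ge A B -> exit 0 when dotted version A >= B (numeric per component,
# so 11.10 correctly compares greater than 11.3)
version_ge() {
    a="$1"; b="$2"
    i=1
    while :; do
        # trailing dot guarantees cut sees a delimiter even for "11"
        x=$(printf '%s.' "$a" | cut -d. -f"$i")
        y=$(printf '%s.' "$b" | cut -d. -f"$i")
        [ -z "$x" ] && [ -z "$y" ] && return 0   # all components equal
        x=${x:-0}; y=${y:-0}                      # missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
}

# gatekeeper_ok "<spctl --status output>" -> exit 0 when assessments are enabled
gatekeeper_ok() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# patched_for_shlayer VERSION -> prints yes/no; 11.3 is the fix version the post cites
# (assumption: this encodes only the version named in the post, not other branches)
patched_for_shlayer() {
    if version_ge "$1" "11.3"; then echo yes; else echo no; fi
}

# Live checks run only where the macOS tools exist.
if command -v sw_vers >/dev/null 2>&1; then
    ver=$(sw_vers -productVersion)
    echo "macOS $ver: patched=$(patched_for_shlayer "$ver")"
    if gatekeeper_ok "$(spctl --status 2>&1)"; then
        echo "Gatekeeper: enabled"
    else
        echo "Gatekeeper: DISABLED - downloaded apps are not assessed"
    fi
fi
```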
To read more, please check the eScan Blog.