Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users.

Let us start by exploring what Apple notarization is. We will then discuss some recent examples of Apple-notarized malware and some prevention techniques.

What is Apple Notarization?

To inhibit the installation of malware through its App Store and from running on Apple-developed devices, Apple uses a range of technologies. These include the following:

  • App Review: Apple industry has its own set of standards and guidelines. Every application that wants to be published on the App Store needs to follow these rules in order to earn a place on the app marketplace.
  • Certificate Signing Request (CSR): This feature ensures the authenticity of an app to users and indicates that it has not been modified after code signing. The macOS Gatekeeper validates the app signing certificate and runs a security check of the application. It also uses a known malware list to scan the app. If there is an issue with the code signing certificate or if Gatekeeper detects malware, then Apple blocks the software.
  • Notarization: Apple notarization is an automatic investigatory process that checks for issues in the certificate and looks for any suspicious code running on the app. If the software clears this exam after complete verification, it receives a successful notarization ticket. This tells Gatekeeper that the package is Apple notarized, which means it is secure enough to run.

All new apps must go through these security checks before being offered to users for download via the App Store. This ensures that the software is coming from an authenticated entity and that it does not contain any malware.

What do (Read more...)