Thursday, July 17, 2025

Notarized Atomic Stealer (AMOS)

Jamf Threat Labs:

After downloading and inspecting the binary, we confirmed that it was indeed both code-signed and notarized — a detail that raised immediate concern given its malicious nature.

[…]

The application itself is named “Gmeet_updater.app,” though there’s little effort to align that branding with the user experience, suggesting a rushed or careless repackaging process.

After confirming that the Developer Team ID was used to distribute malicious payloads, Jamf Threat Labs reported it to Apple. Since then, the associated certificate appears to have been revoked.

[…]

Jamf Threat Labs identified at least three distinct macOS infostealer samples that were successfully signed and notarized using the same Team ID (A2FTSWF4A2) and later distributed in the wild.

Thomas Clement:

Notarization is a sad story. It doesn’t provide great security and is a barrier for many groups of people (young, indie, game developers, developers whose primary platform is not the Mac, etc…) to publish an app on the Mac. If Apple wants more games on the Mac, the first step is to make notarization free. Just make it free.

Or just get rid of it? It’s still a major pain, adding time and friction to each build. The notarization server still goes down at the most inconvenient times. There are some basic package structure and code signing checks that are useful, but these would be better if made available locally as part of Xcode. It’s not clear to me that the malware checks are adding much value over what we already get from code signing and macOS’s built-in malware detection.

rameerez:

I’ve lost this week trying to get my macOS app notarized

Notarization jobs would just stall and get stuck on Xcode for days!

So I wrote an email to Apple Developer Support

And the next thing I know is they TERMINATED my entire Developer Account?!

2 Comments


It seems like Apple is killing its own platform. Do they not remember what they themselves did to BlackBerry, and Microsoft for that matter?

I'm pretty sure we'll look back on this as Apple's peak hubris. These things take time to show results, and by then it's very hard to turn it around.

The next generation of developers would be insane to tie themselves to Apple. And Apple seems hell-bent on being incompatible with everything else.

How much longer are they going to strangle this golden goose?

Somebody please tell me how I'm completely wrong, how Apple is setting the next generation of developers up for success, how notarization is useful and helpful to anyone but Apple.

I am sincerely not trying to be cynical here, but it really does seem like all of Apple's actions are completely self-interested.


Beatrix Willius

Notarisation is about control and not doing anything useful.
