{"id":30554,"date":"2020-10-30T15:12:26","date_gmt":"2020-10-30T19:12:26","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=30554"},"modified":"2021-06-05T20:58:51","modified_gmt":"2021-06-06T00:58:51","slug":"more-notarized-mac-malware","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/10\/30\/more-notarized-mac-malware\/","title":{"rendered":"More Notarized Mac Malware"},"content":{"rendered":"<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-notarizes-new-mac-malware-again\/\">Joshua Long<\/a> (via <a href=\"https:\/\/www.zdnet.com\/article\/apple-notarizes-six-malicious-apps-posing-as-flash-installers\/\">Catalin Cimpanu<\/a>, <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1319708299097460737\">tweet<\/a>, <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1319757189066616837\">Patrick Wardle<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.intego.com\/mac-security-blog\/apple-notarizes-new-mac-malware-again\/\"><p>For the second time in six weeks, Apple has been caught notarizing Mac malware.<\/p><p>Intego <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-notarizes-dozens-of-mac-malware-samples\/\">previously reported<\/a> that Apple inadvertently notarized more than 40 malware samples in August.<\/p><p>This time, rather than the notarized malware belonging to the OSX\/Shlayer and OSX\/Bundlore families, the latest malware is from the OSX\/MacOffers (aka MaxOfferDeal) family.<\/p><p>[&#8230;]<\/p><p>The new malware uses a technique called steganography to hide its malicious payload within a separate JPEG image file, which is likely why the malware was able to slip past Apple&rsquo;s notarization process.<\/p><\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/08\/31\/notarized-mac-malware\/\">Notarized Mac Malware<\/a><\/li>\n<\/ul>\n\n<p id=\"more-notarized-mac-malware-update-2021-06-05\">Update (2021-06-05): <a 
href=\"https:\/\/twitter.com\/ConfiantIntel\/status\/1367490751957975058\">ConfiantIntel<\/a> (via <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1367930566356606978\">Patrick Wardle<\/a>):<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/ConfiantIntel\/status\/1367490751957975058\"><p>@lordx64 found yet another @Apple notarized App, this time it is a backdoored Electrum Wallet<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Joshua Long (via Catalin Cimpanu, tweet, Patrick Wardle): For the second time in six weeks, Apple has been caught notarizing Mac malware. Intego previously reported that Apple inadvertently notarized more than 40 malware samples in August. This time, rather than the notarized malware belonging to the OSX\/Shlayer and OSX\/Bundlore families, the latest malware is from the OSX\/MacOffers [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2020-10-30T19:12:30Z","apple_news_api_id":"360d4919-8e1d-4a23-9a8b-fd07c9ab99b3","apple_news_api_modified_at":"2021-06-06T00:58:55Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/ANg1JGY4dSiOai_0HyauZsw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[466,177,30,1666,504,1842,48],"class_list":["post-30554","post","type-post","status-publish","format-standard","hentry","category-technology","tag-codesigning","tag-jpeg","tag-mac","tag-macos-10-15","tag-malware","tag-notarization"
,"tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=30554"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30554\/revisions"}],"predecessor-version":[{"id":32719,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/30554\/revisions\/32719"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=30554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=30554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=30554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}