Security researchers at antivirus firm Intego have discovered a new Mac malware in the wild that tricks users into bypassing modern macOS app security protections.
In macOS Catalina, Apple introduced new app notarization requirements. The features, baked into Gatekeeper, discourage users from opening unverified apps — requiring malware authors to get more creative with their tactics.
As an example, Intego researchers have discovered a new Trojan horse malware actively spreading in the wild via poisoned Google search results that tricks users into bypassing those protections themselves.
The malware is delivered as a .dmg disk image masquerading as an Adobe Flash installer. But once it’s mounted on a user’s machine, it displays instructions guiding users through the malicious installation process.
In a tactic described by Intego as “novel,” the malware asks users to right-click and open the malware instead of double-clicking it. Under macOS Catalina’s Gatekeeper settings, right-clicking and choosing Open displays a dialog box with an “Open” button. Normally, when a user double-clicks an unverified app, macOS blocks it and offers no such convenient way to open it.
Read more at AppleInsider.com
