Owens agreed with Wardle about how dangerous this bug was. "This payload is the most dangerous payload I personally have encountered on macOS given that it bypasses Gatekeeper, is not sandboxed, and all the user would need to do is double click," he said in an online chat.

What's worse, at least one group of hackers has been taking advantage of this bug to infect victims for months, according to Jaron Bradley, detections lead at Apple-focused cybersecurity company Jamf Protect. "This is likely the worst or potentially the most impactful bug to everyday macOS users [in recent memory],"
The first version of Shlayer that was taking advantage of this bug was dated January 9, 2021, according to Bradley. In its technical analysis of this malware, Jamf researchers said that it was designed to spread via "poisoned search engine results." "In a real-world example, users could potentially stumble upon malware when searching for any commonly used terms," Bradley and his colleagues wrote.

Owens explained that the bug was in something called syspolicyd, which is tasked with assessing applications before they run. Owens said he found that he could masquerade a shell script as an app, and trick Gatekeeper into not checking it when a user double-clicked on the malicious app.

This is the latest example of Mac malware in the wild. Earlier this year, security company Red Canary found a malware called Silver Sparrow, which another security company detected on around 30,000 computers. Around the same time, Wardle found another piece of Mac malware written specifically for Apple's new M1 processors.

Do you research vulnerabilities on Apple's products? We'd love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com