An adware firm takes advantage of Mojave’s unpatched Gatekeeper vulnerability

An unpatched vulnerability, discovered in macOS Mojave last month, permits attackers to completely bypass the Gatekeeper security feature. Unfortunately, it has now been exploited by an adware company in what has been called a test in preparation for new Mac malware.
For context, researcher Filippo Cavallarin recently discovered (and reported to Apple) a security oversight in the macOS Mojave operating system that would permit a rogue app to bypass Gatekeeper protections. The vulnerability takes advantage of the fact that Gatekeeper considers external drives and network shares to be safe locations, allowing malware to be launched from these locations without Gatekeeper’s intervention.
Security researchers over at Intego now point us to 4 disk images, disguised as Adobe Flash Player installers, that were uploaded by an adware firm to VirusTotal. Intego researchers claim this is a test in preparation for distributing new Mac malware, called OSX/Linker, that attempts to leverage the aforementioned zero-day flaw in macOS’ Gatekeeper protection.

The 4 samples, uploaded on June 6 within hours of the creation of each disk image, all link to a now-removed app on an Internet-accessible NFS server.
Intego notes that the dynamically linked Install.app seemed to be a placeholder that did not do much other than create a temporary text file, but that it could easily change on the server side at any time without the disk image needing to be modified at all.
Intego says it is therefore possible that the same or newly uploaded disk images could later have been used to distribute an app that actually executed malicious code on a victim’s Mac.
One of the files was signed with an Apple Developer ID, suggesting the test was created by the developers of the OSX/Surfbuyer adware. The jury is still out as to whether these disk images, or subsequent ones, may have been used in small-scale or targeted attacks.
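
The disk images described above rely on a link that leaves the image and points at a network location. The following check is an added example, not code from Intego or the original article: it walks a mounted image and reports symlinks whose targets resolve outside it. It assumes the link is a filesystem symlink, treats the `/net/` and `/Volumes/` prefixes as network locations, and uses a constructed sample tree with a placeholder host.

```python
import os
import tempfile

# Assumption: path prefixes where macOS exposes network mounts (/net is the
# autofs automount path; Finder-mounted shares appear under /Volumes).
NETWORK_PREFIXES = ("/net/", "/Volumes/")


def find_escaping_symlinks(root):
    """Return sorted (relative link path, raw target, kind) for symlinks leaving root."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            # Resolve lexically so an unreachable server cannot hide the link.
            resolved = os.path.normpath(os.path.join(dirpath, target))
            if os.path.commonpath([root, resolved]) == root:
                continue  # target stays inside the image
            kind = "network" if resolved.startswith(NETWORK_PREFIXES) else "local"
            findings.append((os.path.relpath(path, root), target, kind))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree standing in for a mounted disk image."""
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
        fh.write("constructed sample\n")
    links = {
        "Install.app": "/net/nfs.example.invalid/share/Install.app",  # placeholder host
        "Applications": "/Applications",   # common drag-to-install shortcut
        "docs/readme-link": "readme.txt",  # stays inside the image
        "docs/up": "../../elsewhere",      # relative path that leaves the image
    }
    for name, target in links.items():
        os.symlink(target, os.path.join(root, name))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "image")
        build_sample(image)
        for link, target, kind in find_escaping_symlinks(image):
            print(f"{kind:8} {link} -> {target}")
```

A `local` finding such as the `/Applications` shortcut is common in drag-to-install images; a `network` finding on an app bundle is the one to investigate.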