OSX signed malware FYI

vansmith

Senior Member
Joined
Oct 19, 2008
It was able to get past Apple's GateKeeper settings since it was developed under and signed with a valid Apple Developer ID under the name of Rajinder Kumar. According to F-Secure, the developer ID for this individual has since been revoked, but before this news hit, the malware created with his ID was able to infect and run on a few systems, including test systems controlled by a number of security firms.
Given this, I'm not sure why this is news. If he had actually managed to circumvent the process, it would be news. In this case, all he did was sign malware with a perfectly legitimate certificate which was revoked, rendering it un-installable if you have GK on. GateKeeper worked exactly as it was supposed to - it let signed software run and precluded unsigned software from doing so.
 
Joined
Nov 28, 2007
Much Ado About Nothing as the Bard wrote!
 
