Apple mistakenly signed malware to run on Mac
Information security expert Patrick Wardle published a study on the Objective-See resource that modern security mechanisms (notarization procedure and the Gatekeeper utility) in macOS Catalina can make mistakes and miss the Slayer Trojan.
Slayer malware can intercept user searches, display unwanted ads, install additional extensions in the Safari browser, and launch hidden applications. At the end of August 2020, the malicious code of one of the Slayer versions was disguised as an Adobe Flash installer and was not detected even in the beta version of macOS Big Sur as malware.
Wardle told Apple about his find. The company marked this installer as a prohibited program and deleted the developer account that posted it. But this was not enough.
After a while, other versions of Adobe Flash installers appeared on the Homebrew portal (brew.sh), which also contain the Slayer Trojan and are now being skipped by the macOS notarization mechanism. And the old and new payloads almost identical code inside them is OSX / Slayer after installation is also activated adware malware Bundle.
Slayer has been a threat to macOS users for more than two years, and its activity has remained at the same level over time. The first instances of the malware were detected in February 2018. The Trojan's code is written in the Python programming language.