The current warning message comes from Intego, who of course always use such finds to advertise their antivirus program for the Mac. That is okay in and of itself, but malware is not the only thing you need to be careful with: the same goes for antivirus software.
I have already explained why I do without antivirus software on the Mac. Nevertheless, a brief note again: all antivirus software reaches deep into the system, and it is not uncommon for the security gaps in these programs to be more serious than those in the operating system. With so-called “silent updates”, Apple takes good care to ensure that the Mac stays clean and that known malware is kept away, just as they once did with the Zoom app, which was doing really bad things on the Mac.
New malware uses the user to bypass Gatekeeper
According to Intego, the fact that malware is installed via programs that pretend to be Flash Players is old hat. These fake Flash installers have been used for a good 10 years to install other, malicious software on the user's computer in addition to the Flash Player.
However, Apple has steadily raised the security bar with each macOS version, so that installers for malware first have to receive admin rights before they can write themselves into the system.
The “watchdog” alerts on Mac
If you were to install the “real” Flash player, the software would come from a certified developer – namely Adobe. Since the malware developers are of course not verified developers at Apple, the Mac issues a warning message when the installer starts and prevents it from starting.
As a rule, a message appears stating that only programs from verified developers and those from the App Store can be installed. This security measure is based on Gatekeeper, which monitors what the user wants to install on the Mac.
The new malware solves the problem by requiring the user to start the installer via the context menu (right mouse button) and the menu item "Open" instead of double-clicking. This eliminates the warning from Gatekeeper and the damage takes its course.
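One way to ask Gatekeeper for its verdict on a download before opening it, as an added example that is not part of the original post. It parses the output of the macOS `spctl --assess -vv` command; the function names, sample paths and developer name are made up for illustration.

```shell
#!/bin/sh
# Added example: read Gatekeeper's own assessment instead of overriding it.

# Constructed sample outputs of `spctl --assess -vv` (names are made up).
SAMPLE_SIGNED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_FAKE='/Users/me/Downloads/Installer.app: rejected
source=no usable signature'

# Print "verdict|source" extracted from spctl output passed as $1.
gatekeeper_verdict() {
    verdict=$(printf '%s\n' "$1" | sed -nE 's/^.*: (accepted|rejected)$/\1/p' | head -n 1)
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    printf '%s|%s\n' "${verdict:-unknown}" "${src:-unknown}"
}

# Succeed only if Gatekeeper accepted the item; anything else means
# "do not open", including output that could not be parsed.
should_open() {
    case "$(gatekeeper_verdict "$1")" in
        "accepted|"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Assess a real download on macOS, e.g.: check_download ~/Downloads/Installer.app
check_download() {
    case "$1" in
        *.pkg) kind=install ;;   # installer packages
        *)     kind=execute ;;   # app bundles and other executables
    esac
    # spctl writes its assessment to stderr and exits non-zero on rejection
    out=$(spctl --assess --type "$kind" -vv "$1" 2>&1) || true
    gatekeeper_verdict "$out"
    # Gatekeeper only checks files that carry the quarantine attribute
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1 ||
        echo "note: no quarantine attribute on $1"
    should_open "$out"
}
```

A `rejected` verdict here is the same decision the warning dialog reports, so an installer that asks to be started with right-click and "Open" is asking the user to discard exactly this result.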
Fake Flash Installer in Google Search Results
The process of getting the user to install the Flash Player also shows the criminal energy that malware programmers have. On the websites of their network, they tell the visitor that their Flash Player is out of date. The notice contains a link to download the current version, which is of course the malware Flash Player.
Google regularly scans all websites in the index for such malware, but in this case Google was not yet able to react because the malware was still very new. You also have the same problem with other search engines such as DuckDuckGo, Bing, Yahoo, Ecosia and other providers.
A little tip on the side: never install the Flash Player
I put an end to my Flash Player years ago. Too many security gaps and too few meaningful functions: for me, that is the bottom line on the Flash Player.
Apart from the fact that hardly anyone uses Flash on their website these days - partly because Flash is no longer pre-installed on Apple devices - I would strongly advise against using the Flash Player. This software is so affected by security gaps that one can even speak of a "security hole". For this reason, please do not install anything that has anything to do with Flash.
And if a program asks you to start it with the right mouse button and "Open", then all alarm bells should go off and the app should be sent to the trash as soon as possible.
Jens has been running the blog since 2012. He acts as Sir Apfelot for his readers and helps them with technical problems. In his spare time he rides electric unicycles, takes photos (preferably with the iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions to current bugs.
In this case, it is not Gatekeeper that is being tricked, but the user.
Yes, there is some truth to it. Let's say the user is tricked into bypassing Gatekeeper without knowing it.