New malware comes as a Flash installer and tricks Gatekeeper on the Mac

Malware comes as a Flash installer

The current warning comes from Intego, who of course always use such finds to advertise their antivirus program for the Mac. That is fine in and of itself, but malware is not the only thing you need to be careful with: the same goes for antivirus software.

I have already explained why I do without antivirus software on the Mac. Nevertheless, I would like to briefly repeat the following: all antivirus software interferes deeply with the system, and it is not uncommon for the security gaps in these programs to be more serious than those in the operating system. In addition, Apple uses so-called "silent updates" to make sure that the Mac stays clean and known malware is kept away, just as they did with the Zoom app, which was doing really bad things on the Mac.

In this article I explain why you shouldn't install antivirus software on your Mac. AV apps are not only unreliable, they are also a target for attack. A conscious use of the computer is much better!

New malware uses the user to bypass Gatekeeper

According to Intego, malware being installed via programs that pretend to be Flash players is old hat. These fake Flash installers have been used for a good 10 years to install other, malicious, software on the user's computer in addition to the Flash player.

However, Apple has kept raising the security bar with each macOS version, so that malware installers first have to obtain admin rights before they can write themselves into the system.

The supposed Flash player wants you to run it without Gatekeeper, but why? (graphic: Intego).

The warnings of the "watchdog" on the Mac

If you were to install the "real" Flash player, the software would come from a certified developer, namely Adobe. Since the malware developers are of course not verified developers with Apple, the Mac shows a warning message when the installer is launched and prevents it from starting.

As a rule, a message appears stating that only programs from verified developers and those from the App Store can be installed. This security measure is based on Gatekeeper, which monitors what the user wants to install on the Mac.

The new malware gets around this problem by instructing the user not to start the installer with a double click, but via the context menu (right mouse button) and the menu item "Open". This eliminates the warning from Gatekeeper and the evil takes its course.

Fake Flash Installer in Google Search Results

The way the user is led to install the Flash player also shows how much criminal energy malware programmers have. On the websites in their network, they show visitors a notice that their Flash player is out of date. The notice contains a link to download the current version, which is of course the malware Flash player.

Google regularly scans all websites in the index for such malware, but in this case Google was not yet able to react because the malware was still very new. You also have the same problem with other search engines such as DuckDuckGo, Bing, Yahoo, Ecosia and other providers.

The user is persuaded to download the malware himself with a message that his Flash player is out of date.

A little tip on the side: never install the Flash player

I put an end to my Flash player years ago. Too many security gaps and too few meaningful functions: for me, that is the bottom line on the Flash Player.

Apart from the fact that hardly anyone uses Flash on their website these days - partly because Flash is no longer pre-installed on Apple devices - I would strongly advise against using the Flash player. This software is so affected by security gaps that one can speak of a "security hole". For this reason, please do not install anything that has anything to do with Flash.

And if a program asks you to start it with the right mouse button and "Open", then all the alarm bells should go off and the app is best thrown into the trash as soon as possible.
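A check that follows from this advice, as an added example that is not part of the original article: ask Gatekeeper for its verdict in the Terminal with `spctl` rather than opening the app through the context menu. The function names, sample paths and developer name are constructed for illustration.

```shell
#!/bin/sh
# Added example: read Gatekeeper's verdict on a downloaded app before opening it.

# Parse the report printed by `spctl --assess -vv`; print "<verdict>|<source>".
parse_spctl() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | sed -n '1p')
    case $first in
        *": accepted") verdict=accepted ;;
        *": rejected") verdict=rejected ;;
        *)             verdict=unknown ;;
    esac
    printf '%s|%s\n' "$verdict" "${src:-none}"
}

# Return 0 only when Gatekeeper accepts the app; anything else means: do not open.
safe_to_open() {
    case $(parse_spctl "$1") in
        "accepted|"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Run the real assessment on macOS (both output streams are captured).
assess_app() {
    command -v spctl >/dev/null 2>&1 || { echo "unknown|spctl not available"; return 2; }
    parse_spctl "$(spctl --assess --type execute -vv "$1" 2>&1)"
}

# Constructed sample reports (paths and developer name are made up).
SAMPLE_FAKE='/Users/me/Downloads/Player.app: rejected
source=no usable signature'
SAMPLE_SIGNED='/Users/me/Downloads/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

# Usage: sh check_app.sh /path/to/Downloaded.app
if [ "$#" -gt 0 ]; then
    result=$(assess_app "$1")
    echo "$result"
    case $result in
        "accepted|"*) ;;
        *) echo "Gatekeeper does not accept this app: move it to the Trash." ;;
    esac
fi
```

A "rejected" verdict here is the same condition that triggers the warning dialog on double click, so an installer that asks for right-click and "Open" is asking you to override exactly this result.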


2 comments

  1. Froyo52 says:

    In this case, it is not the gatekeeper who is being tricked, but the user.

    • sir appleot says:

      Yes, there is some truth to it. Let's say the user is tricked into bypassing gatekeepers without knowing it.
