North Korean malware evades Apple notarization, targets macOS users

PANews reported on November 13 that according to Cointelegraph, North Korean hackers appear to have developed malware that can evade Apple's security checks. Researchers at Jamf Threat Labs, which focuses on Apple, said the applications appear to be experimental. This is the first time they have seen this technology used to invade Apple's macOS operating system, but it will not run on the latest system. Researchers found that Microsoft's VirusTotal online scanning service reported that these applications were harmless but were actually malicious. Variants of these applications are written in Go and Python and use Google Flutter applications. Flutter is an open source development toolkit that can be used to create multi-platform applications.

Five of the six malicious apps were signed with a developer account and temporarily notarized by Apple. The domains and techniques in the malware are very similar to those used in other North Korean hacker malware, and there are signs that the malware was signed and even temporarily passed Apple's notarization process, the researchers wrote. It is not clear whether the malware has been used to attack any targets or whether the attackers are preparing a new method of dissemination. This is likely a larger-scale weaponization test.