New macOS Cyber Attacks Exploit EV Certificates for Legitimacy
A new wave of cyber attacks targeting macOS users has been discovered. Attackers are exploiting Extended Validation (EV) certificates to lend legitimacy to malicious payloads, making detection difficult. The abuse of these certificates has been noted by security researcher @g0njxa.
The campaign begins with phishing lures that lead users to compromised websites hosting signed DMG installers. These installers bear valid Developer ID Application signatures, including one issued under the name 'THOMAS BOULAY DUVAL (J97GLQ5KW9)'. The sample's bundle identifier mimics the signer name to blend in with legitimate software distributions.
The malicious disk images produced no detections on VirusTotal and pass the built-in macOS security checks that a valid signature satisfies. Adversaries are willing to invest in Apple EV certificates because revocation does not prevent initial compromise: once reported, the certificates are revoked, but by then the early stage of the campaign has already run its course.
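A defender-side triage script, added here as an example and not code from the article or the researcher it cites, shows how the two observations above (a valid Developer ID signature from a known-abused Team ID, and a bundle identifier that mimics the signer name) can be turned into a local check. The parsing and policy helpers work on captured `codesign -dvv` text, so they run anywhere; the `assess_app` function assumes macOS `codesign` and `spctl`. The block list, the bundle identifier and the second signer are constructed sample values; only the Team ID `J97GLQ5KW9` comes from the article.

```shell
#!/bin/sh
# Added example: triage a downloaded macOS installer by the Developer ID it was
# signed with. Not code from the article. Live checks assume macOS codesign/spctl;
# the helpers below parse captured `codesign -dvv` output and run on any POSIX sh.

# Team IDs an organisation has chosen to block. The one below is the Team ID the
# article names; a real list would be fed from threat intelligence.
BLOCKED_TEAM_IDS="J97GLQ5KW9"

# Constructed sample of `codesign -dvv` output (bundle identifier is made up).
SAMPLE_CODESIGN_OUTPUT='Executable=/Volumes/Installer/App.app/Contents/MacOS/App
Identifier=com.thomasboulayduval.installer
Authority=Developer ID Application: THOMAS BOULAY DUVAL (J97GLQ5KW9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=J97GLQ5KW9'

# Print the TeamIdentifier from codesign output supplied on stdin.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Print the bundle identifier (the Identifier= line).
bundle_id_from_codesign() {
    sed -n 's/^Identifier=//p' | head -n 1
}

# Print the leaf signing authority, e.g. "Developer ID Application: NAME (TEAMID)".
authority_from_codesign() {
    sed -n 's/^Authority=//p' | head -n 1
}

# Succeed (exit 0) when the Team ID is on the block list.
team_is_blocked() {
    for blocked in $BLOCKED_TEAM_IDS; do
        [ "$blocked" = "$1" ] && return 0
    done
    return 1
}

# Heuristic from the article's observation that the bundle identifier mimicked
# the signer name: succeed when every word of the signer's name (case-insensitive)
# appears inside the bundle identifier.
bundle_mimics_signer() {
    bundle=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=$(printf '%s' "$2" | sed 's/^Developer ID Application: //; s/ *(.*//' | tr 'A-Z' 'a-z')
    [ -n "$name" ] || return 1
    for word in $name; do
        case "$bundle" in
            *"$word"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Verdict for captured codesign output passed as $1:
# "BLOCK <reason>", "REVIEW <reason>" or "ALLOW".
verdict_from_codesign() {
    tid=$(printf '%s\n' "$1" | team_id_from_codesign)
    bundle=$(printf '%s\n' "$1" | bundle_id_from_codesign)
    auth=$(printf '%s\n' "$1" | authority_from_codesign)
    if [ -z "$tid" ]; then
        echo "REVIEW no-team-id"
    elif team_is_blocked "$tid"; then
        echo "BLOCK blocked-team-id:$tid"
    elif bundle_mimics_signer "$bundle" "$auth"; then
        echo "REVIEW bundle-id-mimics-signer:$tid"
    else
        echo "ALLOW"
    fi
}

# Live check on macOS: verify the signature, ask Gatekeeper for its assessment
# (which reflects a revocation once Apple has issued it), then apply local policy.
# Usage: assess_app /path/to/Installer.app
assess_app() {
    app="$1"
    codesign --verify --strict "$app" 2>/dev/null || { echo "BLOCK invalid-or-missing-signature"; return 1; }
    spctl --assess --type execute "$app" 2>/dev/null || echo "REVIEW gatekeeper-rejected"
    verdict_from_codesign "$(codesign -dvv "$app" 2>&1)"
}

# With a path argument, assess that app; otherwise run the policy on the sample.
if [ $# -gt 0 ]; then assess_app "$1"; else verdict_from_codesign "$SAMPLE_CODESIGN_OUTPUT"; fi
```

The policy deliberately separates the cryptographic question (is the signature valid, and has Apple revoked the certificate, which Gatekeeper answers) from the organisational one (do we trust this Team ID, and does the bundle identifier look like it was chosen to blend in). A valid signature alone is what the campaign relies on; the local block list and the mimicry heuristic are what catch it before revocation lands.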
The increasing abuse of EV certificates in macOS threats highlights the evolving tactics of cyber attackers. Users are advised to remain vigilant, especially when downloading software from untrusted sources, since a valid signature alone is no longer a reliable sign of legitimacy. Security researchers continue to monitor these developments to protect macOS users.