By now, you must have heard that Apple’s Notary Service approved and notarized some malware just over a week ago. I’ve seen so many hot takes on the subject that I thought it was time to stand back and take a longer view at just what happened, and what it really means. The story is rather more complicated than has often been portrayed, and continues to develop.

The malware in question is OSX/Shlayer, which has been around for more than two years now. According to detection surveys conducted by vendors of anti-malware products, it has rapidly become the most commonly detected malware on macOS. It has previously been distributed as a fake Flash installer via BitTorrent file sharing sites and other locations, and on this occasion was obtained from a fake Homebrew package manager site, still posing as a Flash installer, despite the fact that Flash is less than four months away from death (at last).

Shlayer is primarily adware, albeit of the most offensive and intrusive kind. It doesn’t set out to steal your secrets or encrypt files and hold you to ransom, but to install seemingly endless and highly invasive adware. It’s therefore very much a commercial product, funded by the ads it foists on you. It has evolved rapidly, and is cunningly designed to evade detection.

Over the last couple of years, a succession of security experts have deemed Shlayer unsuitable for conventional signature-based detection methods, because of its design and frequent evolution. Rapid checks, such as those most probably performed as part of Apple’s initial notarization process, are therefore unlikely to be able to detect it. Most of us had assumed that those brief checks would be followed by slower and more thorough analysis, with triage determining which apps needed to go on for expert human dissection.

Consider, for a moment, clinical medical tests for Covid-19, a subject on which many of us are now armchair experts. Even the most accurate has significant false positive and false negative rates. The standard PCR test may be repeated several times before a patient finally tests positive and confirms clinical suspicions, and it’s long been known that the normal test continues to return positive results even when the patient is no longer infectious, as it also detects virus fragments which can’t transmit the infection. (Anyone who thinks the latter is news now really hasn’t been paying attention.)

No matter how ingenious and thorough are Apple’s checks made during notarization, to assume that they could ever be infallible is a bit naïve. Indeed, a year ago, Cedric Owens described how it’s possible to build a macOS app which can launch the red-teaming framework Apfell, which can be notarized successfully.

Apple is playing Tom to this adware’s Jerry, and now the mouse looks to be in trouble. Shlayer’s authors had sufficient manpower and budget to obtain fresh developer accounts and repeat their notarizations, but most recently Patrick Wardle has reported that they have abandoned notarization and returned to tricking users into opening Shlayer by bypassing Gatekeeper in the Finder. That procedure gains an extra step in Big Sur, making it that bit harder for the gullible to follow.

Over this time, Apple has benefited from having free samples of Shlayer, together with all the details supplied when registering each developer account, and submitting each new version of Shlayer for notarization. During the initial stage of each notarization, Apple obtains unspecified ‘metadata’ from the Mac which is performing the notarization; I’d be most surprised if that alone doesn’t provide a lot of information which can be used to identify the authors, and to inform future attempts to notarize their malware.

For each notarization, Shlayer’s authors have had to acquire a fresh developer account, create signing certificates against that account, configure their build system for that new account, build their app, and submit it for notarization. That is far more laborious and, on any scale, costly than simply shipping malicious software without any signature. It also ensures that Apple has a sample of each and every notarized version of the malware, rather than having to rely on those which it has been able to capture in the wild. Notarizing your malware is a big gamble: even if you’re successful, the information you give Apple only helps its detection and countermeasures.

Shlayer’s authors also have little time now before their longstanding spoofing of Flash installers goes to its grave alongside Flash (at long last). There isn’t an obvious successor to Flash for their purpose, as its behaviour in popping up when browsing websites has rightly fallen into disfavour. If Shlayer is going to continue to make them money, they need a new trap for the gullible from whom they have been profiting.

We have no idea whether this is the first malware to be notarized. It’s perfectly possible that Apple has previously detected malicious apps which had been approved by its Notary Service, only to revoke their certificates once it was discovered that they were malicious. There will undoubtedly be other malicious apps which become notarized in the future.

Does any of this mean that notarization is now useless, or has burned to death? If it were the sole means of protection against malware, of course it would. But macOS features a layered security system. Each layer, such as quarantine and first run checking, has its vulnerabilities and bypasses. As I explained in the context of the Swiss Cheese model, those assemble into a whole which is far stronger than the sum of its parts. Time will tell whether Shlayer proves to have gained any benefit from this episode, but I suspect that in the long run malware developers won’t find it profitable to run the risks it poses. And I think Apple has known that all along, and designed its notarization system with that purpose in mind.