Apple mistakenly approved malicious code to run on macOS, according to independent security researcher Patrick Wardle. The malware is called Shlayer, and it is essentially an annoying and persistent piece of adware. At least one malicious site has been detected that tricks the user into installing the program by disguising it as an Adobe Flash Player update.
Since last year, traditional malware should fail at this point: the code of every Mac program, even one downloaded from outside the App Store, must be sent to Apple for verification and authentication. Apple's term for this is "notarization". If the code in question is not authenticated, the Mac returns an error message saying that since the code cannot be verified, execution is blocked. And there is no way around this limitation.
But because the Shlayer code was approved, evidently by mistake, the installation succeeds. The malware then starts installing spyware and other nefarious software, which can monitor a user's browsing activity, create fake profiles and use the device as a "click farm" for advertisements, or simply present annoying pop-ups that ruin the user experience.
The most curious aspect of the whole affair is that Apple made the same error of judgment twice. Once contacted by Wardle, Apple verified and confirmed the report, revoked the app's certificates and blocked the account of its developers; the developers, however, managed to have the code reapproved by submitting it from another account. Apple has since confirmed to TechCrunch that it has blocked the newest code as well.
As macOS becomes more popular, the threats and malware attacks that target it grow as well. The latest research from Malwarebytes even reveals that, proportionally, Macs are infected more than Windows computers.