What we know
The Tarmac malware, also known as OSX/Tarmac, is being distributed through a malvertising campaign that redirects potential victims to sites displaying fake software updates.
“Even though with a fake identity but this Apple Developer certificate is still signed by Apple thus the malware is allowed to run after some preliminary checks,” say researchers.
What we don’t know
The malvertising campaign that delivers Shlayer and Tarmac reportedly began in January 2019. It was spotted that month, but only the Shlayer malware was discovered then.
The malvertising campaign was found to be targeting macOS users in Japan, Italy, and the US.
“We think actors proceed by trial and error, and they might have found a sweet spot in Italy, between the profit they can reap and the level of attention from the security community,” Confiant security researcher Tara Kahim told ZDNet.