Mac users can fall victim if they click on malicious ads that run rogue code inside the browser. The most common malicious ad campaign distributing this malware is the Flash Player update pop-up. These malware campaigns were first reported in January 2019. Tarmac is a companion to Shlayer, which was discovered in January 2019 when the first incidents of the malware campaigns were reported.
The bogus Adobe Flash Player update campaign carries malicious code that executes on the system and then downloads additional malicious software. Tarmac is the second stage of Shlayer. It analyses the infected machine’s hardware configuration and silently uploads the information to a command-and-control server.
The purpose of both malware strains is still unclear. Tarmac is used only for reconnaissance right now. The malware's command-and-control servers are offline. The frustrating part is that the next step of both Shlayer and Tarmac is unclear. It is possible that both receive new instructions tailored to the infected machine’s hardware.
In an interview with ZDNet, Taha Karim, a security researcher at Confiant, said:
“We think actors proceed by trial and error, and they might have found a sweet spot in Italy, between the profit they can reap and the level of attention from the security community.”
Tarmac is digitally signed with a legitimate Apple developer certificate, which helps the malware pass through the built-in protections of macOS, Gatekeeper and XProtect. However, it cannot bypass antivirus software. Hence, the safest thing you can do right now is install one of the best Mac antivirus products.