NightOwl: The risk of not maintaining your installed applications



Don’t know if anyone saw this already, but a previously legitimate application was turned malicious after the product was acquired by another firm.

Before “Night Shift” existed on macOS, there was no way to automatically change to a ‘dark mode’ based on a time of day. So an app was created by a third-party developer; the app was called ‘NightOwl’. A couple of years ago, Apple released this functionality natively into the macOS platform, negating the need for this app.

Most people ended up just using the native features, but some people didn’t remove the app.

Fast forward to earlier this year and NightOwl gets purchased by another company. That company then pushed out an update to ‘monetise’ NightOwl, installing a local HTTP proxy under the misleading name ‘AutoUpdate’ and forcing its web traffic to third parties. The NightOwl Terms of Use page contained a small footnote describing their integration of the SDK to enable this feature, but with no opt-in or opt-out available, the app has been described as nothing more than malware these days, with scripted commands required to fix the routing of web traffic back to the device’s default routes.

In this scenario, the app signing certificate has been revoked, and the app isn’t available in the App Store, but it highlights once again the importance of the chain of trust that takes place in using software. Even if you validated the chain once, be sure to periodically review whether you need the software, and whether it’s still performing only the tasks you ask of it…

Alt Text: Image of the nightowlapp homepage as of 31/08/2023 - A banner reads “We want to address recent claims that NightOwl contains malware. We want to assure you that these claims are inaccurate and false. Our app does not contain any form of malware. The concerns raised are based on a mistaken identification, and we are actively working with all major antivirus companies to rectify this situation promptly.

Your security and trust are of utmost importance to us. We kindly ask for your patience as we address this matter with the necessary parties. Thank you for your understanding.”
Alt Text: The updated Terms of Use as of 31/08/2023

For more details see this article:

This Mac Utility Is Now Malware (howtogeek.com)

And of course, credit to the web developer who first discovered this, Taylor Robinson: Uninstall the Nightowl App, now. (robins.one)


4 comments

Userlevel 7
Badge +6

I’ve seen this sort of thing happen with, I believe, websites or something along those lines, but I’m not sure I’ve seen it happen with applications specifically. That said, it’s a small step to showing that Macs are not immune to everything like they once claimed that they were.

Userlevel 7
Badge +17

Didn’t know this... since we are a Mac org (school district), I will let my co-workers know. Thanks for sharing, Michael.

Userlevel 7
Badge +20

Interesting to see how Macs are not fully immune as once thought. Thanks for sharing, this was interesting to read.

Userlevel 7
Badge +9

Interesting to see how Macs are not fully immune as once thought. Thanks for sharing, this was interesting to read.

This was just a joke from an ad! They should keep hallucinating. Macs aren’t targeted as much as Windows OS, this is just the difference. But Apple has never deemed it fit to address this folly.