This is why you don’t download suspicious Flash updates from out of nowhere.
Security firm Kaspersky has stated that in 2019, the Shlayer Trojan infected one in ten Mac users, exposing users to malicious apps that hide behind fake error messages about users needing to update Flash.
The firm stated that Macs have been the frequent target of the Shlayer Trojan. Kaspersky noted that the Trojan has been active since at least early 2018, though in 2019 it was the most common threat to macOS. Around 10 percent of all Macs were attacked with it, and by itself, Shlayer represents 30 percent of all the Trojans detected on macOS.
Kaspersky’s report stated that “thousands of websites” include the Shlayer Trojan download, typically because the sites partner with cyber criminals.
However, legitimate sites can carry links to it, too.
“[These include] YouTube, where links to the malicious website were included in video descriptions,” says Kaspersky in its report, “and Wikipedia, where such links were hidden in the articles’ references.”
The Shlayer Trojan typically installs a Safari extension, and macOS asks the user whether they would like to use it. However, while macOS warns that this is an unrecognized extension, Shlayer overlays that message with a fake dialog box saying that the installation is complete. Users see an “Okay” button and click it, when in reality they are clicking a Trust button that tells the operating system it is OK to install this software.
In the final stage, the Mac user can be bombarded with ads, and any browsing can also be affected by targeted ads.
“[Since February 2018] we have collected almost 32,000 different malicious samples of the Trojan,” says Kaspersky. “Having studied the Shlayer family, we can conclude that the macOS platform is a good source of revenue for cybercriminals.”
Significantly, Kaspersky says that even though the Trojan was detected almost two years ago, it is still prevalent.
“The operation algorithm has changed little since Shlayer was first discovered, nor has its activity decreased much,” the company continues. “[The] number of detections remains at the same level as in the first months after the malware was uncovered.”
In short, be careful out there, consider looking into anti-malware software, and only download Adobe Flash Player updates via the Adobe web site.
Stay tuned for additional details as they become available.
Via AppleInsider and Kaspersky