A prolific trojan campaign that tries to trick macOS users into downloading malicious software remains the most common malware Mac users are likely to encounter.
The Shlayer malware first emerged in early 2018 and is predominantly used to install malicious adware on users' systems, with the intention of generating revenue from pop-up adverts and links that relentlessly appear in the victim's browser.
Now, two years on from Shlayer's arrival, figures from Kaspersky Lab reveal that the malware has targeted over one in ten macOS users, making it the most widespread macOS malware threat.
Shlayer's key method of distribution is via phoney Flash updates that have infiltrated thousands of websites.
It's commonly found on websites that allow users to illegally stream television shows and sporting events – and they often tell the user that they need to download a fake Flash Update in order to watch their chosen content. Installing this is what enables Shlayer to arrive on their system.
The malware has also been distributed via legitimate websites, with links to websites that download the malware onto Apple users' systems found hidden in the footnotes to Wikipedia articles and descriptions of YouTube videos. Researchers have uncovered 700 different domains that are being linked to by a variety of legitimate websites.
Users around the world have fallen victim to Shlayer attacks, with the highest numbers of victims in the US, Germany, France and the UK – and it demonstrates that macOS users aren't invulnerable to malware, as is sometimes claimed. Meanwhile, the campaign doesn't show any signs of slowing down while it still generates income for its operators.
"The macOS platform is a good source of revenue for cybercriminals, who are constantly looking for new ways to deceive users, and actively use social engineering techniques to spread their malware. This case demonstrates that such threats can be found even on legitimate sites," said Anton Ivanov, security analyst at Kaspersky Lab.
"Luckily for macOS users, the most widespread threats that target macOS currently revolve around feeding illicit advertising rather than something more dangerous, such as stealing financial data."
In order to avoid falling victim to Shlayer and other malware, researchers recommend that users take care and only install software and updates from trusted sources.