New Mac malware detected. Thousands of Apple users infected each day

During 2019, network security specialists from Kaspersky issued reports on thousands of infections of Shlayer, a new Trojan family, managing to prevent attacks on one in ten Mac devices. Although it appeared that the threat had been contained, recent reports claim that the malware remains active.

In its report, Kaspersky mentions that attackers employ an ingenious method of distribution, deploying Shlayer through associated networks, entertainment websites and even via Wikipedia, so not only users who browse insecure websites are exposed, but this malware could also reach visitors from legitimate pages.

Although macOS is considered a much more secure system than other widely used options, many groups of threat actors manage to develop methods of attack against users of this system and, over the past year, Shlayer infections were an important example of this trend.

Kaspersky’s network security experts claim that Shlayer was the most active malware on any Apple system. Dedicated to the installation of adware, Shlayer collects the user’s browser searches and subsequently alters the results displayed to the target user in order to show more invasive advertisements.

Regarding the infection process, Kaspersky detected that it is divided into two phases:

  • Installing Shlayer and installing a specific adware variant
  • Downloading the malware; for this, the attacker must force the victim to perform the download using the malware’s distribution system

Threat actors often offer Shlayer as an option to monetize websites as part of a partner program, in addition to assuring website administrators that they will receive a relatively high payment for each installation of this adware.

According to Kaspersky network security experts, the scheme works as follows:

  • The potential victim searches for online content (streaming sporting events, movies on pirate sites, etc.)
  • Associated pages redirect the user to fake Flash Player update pages
  • Once on the fake page, the victim downloads the malware

However, this is not the only way to complete the infection. Attackers have also managed to place links to the fake Adobe Flash page on legitimate platforms such as video descriptions on YouTube or references in Wikipedia articles. In total, Kaspersky detected 700 domains (legitimate and illegal) with links to the malware download site.
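The delivery chain described above ends with the victim fetching an installer from a page posing as an Adobe Flash Player update, whether the victim arrived there from a pirate streaming site, a YouTube description or a Wikipedia reference. The following script is an added example, not code from Kaspersky or from this article: it runs a simple heuristic over web-proxy log lines and flags installer downloads whose file name imitates a Flash installer but whose host is not an Adobe domain. The log format, the host allowlist and every sample line are constructed assumptions for illustration.

```python
"""Heuristic detection of fake "Flash Player update" downloads in proxy logs.

Added example (not Kaspersky's or the article's code). The log format,
the ADOBE_HOSTS allowlist and all sample hosts are constructed assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: domains from which a genuine Adobe installer could plausibly come.
ADOBE_HOSTS = ("adobe.com", "macromedia.com")

INSTALLER_EXT = re.compile(r"\.(dmg|pkg|zip)$", re.IGNORECASE)
FLASH_NAME = re.compile(r"flash|adobeupdate", re.IGNORECASE)


@dataclass
class Finding:
    client: str
    host: str
    filename: str
    reason: str


def is_adobe_host(host: str) -> bool:
    """True only for an allowlisted domain or one of its subdomains.

    Suffix matching is anchored on a leading dot so that a look-alike such
    as "adobe.com.evil.example" does not pass as an Adobe host.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ADOBE_HOSTS)


def parse_line(line: str):
    """Constructed log format: '<timestamp> <client_ip> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed line; skip rather than guess
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def flag_fake_flash_downloads(lines):
    """Return a Finding for each successful GET of a Flash-named installer
    served from a host outside the Adobe allowlist."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != "200":
            continue
        parsed = urlparse(rec["url"])
        host = parsed.hostname or ""
        filename = parsed.path.rsplit("/", 1)[-1]
        if not INSTALLER_EXT.search(filename):
            continue  # only installer packages are of interest
        if not FLASH_NAME.search(filename):
            continue  # not posing as a Flash installer
        if is_adobe_host(host):
            continue  # expected source; leave to other controls
        findings.append(Finding(rec["client"], host, filename,
                                "Flash-named installer fetched from non-Adobe host"))
    return findings


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    "2020-01-21T10:00:01Z 10.0.0.5 GET https://www.adobe.com/support/flashplayer/downloads.html 200",
    "2020-01-21T10:00:07Z 10.0.0.5 GET https://stream-sports.example/watch?game=123 200",
    "2020-01-21T10:00:09Z 10.0.0.5 GET https://flash-update-cdn.example/FlashPlayer_Install.dmg 200",
    "2020-01-21T10:00:15Z 10.0.0.8 GET https://fpdownload.adobe.com/get/flashplayer/pdc/AdobeFlashPlayer.dmg 200",
    "2020-01-21T10:01:02Z 10.0.0.9 GET https://adobe.com.evil.example/updates/FlashPlayer.pkg 200",
    "2020-01-21T10:01:30Z 10.0.0.9 GET https://files.example/notes.pdf 200",
]

if __name__ == "__main__":
    for f in flag_fake_flash_downloads(SAMPLE_LOG):
        print(f"{f.client} fetched {f.filename} from {f.host}: {f.reason}")
```

On the sample log the script reports two findings: the download from `flash-update-cdn.example` and the one from the look-alike host `adobe.com.evil.example`; the download from `fpdownload.adobe.com` is not flagged. A hit on a workstation is a cue to check whether the referring page was one of the redirect sites or a legitimate platform carrying a planted link, and to pull the host onto a block list.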

[Figure: Malicious link in the references section on Wikipedia. Source: Kaspersky]

Although most of Shlayer activity is concentrated in the United States, a considerable number of attacks have also been detected in Germany, France, the United Kingdom and other European
International Institute of Cyber Security (IICS) network security specialists believe attacks on macOS users to be a significant source of profit for attackers, especially through social engineering campaigns that are easy to deploy even through legitimate platforms. Fortunately it’s not all bad news, as experts say that users of this operating system are less exposed to data theft incidents than users of its counterparts, although it could be a good idea to consider using additional data security methods.
