Are you those bunch of people who still believe Macs are less security vulnerable than Windows? If yes, change your perception at least now. Macs are as equally vulnerable to any security hack as Windows. New research from Kaspersky reveals that 10% of all Macs are attacked by a new malware called Shlayer.

At least 10% were affected

Every 1 in 10 Mac Computers Were Attacked by Shlayer Trojan
macOS Infected by Shlayer Trojan

Kaspersky’s Cyberthreat group, Securelist made research that revealed, 1 in every 10 Macs (or 10%) out there were infected with this new trojan called Shlayer. The team said,

“In 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS.”

Unlike others, makers of this malware have chosen a new patch for infecting users. They’re betting on trending events or popular shows to create a fake website and push themselves up in search results of the web. And if anyone appealing yo such events visit that site, it prompts them to install additional resources to function.

These could be like updating the Flash player, adding an extension, downloading additional files etc. Attackers use sophisticated means to embed those fake website links into top web results, YouTube videos and even in Wikipedia articles! And when attempted to update things like fake Flash player, it turns out as a Shlayer malware that infects the PC.

An example of a fake website asking the user to download additionals

Upon installation of that, it further prompts to install another software, which is basically just another malware. This happens on the name of Adobe Player or even BlueStacks App Player! And proceeding with this installation is further harmful. Interestingly, options as Next and Skip are of no use, you gotta get this malware installed anyway in the background.

Malware asking permission as BlueStacks

Affects and Defense

This malware installs a browser extension into Safari, which monitors the victim’s search activity, browsing habits, and can sometimes redirect the user to other search engines. After this, it will install SearchSkilledData, which is a mitmdump proxy through which the stolen data is being sent to the attacker. Alongside, a trusted certificate is installed too for modifying the HTTPS traffic and results, injecting scripts and ads onto any web page.

mitmdump proxy running as SearchSkilledData

Safeguarding against such attacks is simple. Relying on tough antivirus softwares for flagging them is one, or being cautious while browsing is another. Whenever you’re trying to watch a video or play a simple game online, and the website prompts to install an update, close and leave it. There’s something fishy being pushed to vulnerable victims always.

Images Source: Securelist | Via BleepingComputer


Please enter your comment!
Please enter your name here