Category: IT|Jun 26, 2020 | Author: Admin

New Shlayer Trojan Variant Threatens Mac Devices As It Bypasses macOS Security

Share on

Heads up Mac users. A new Mac malware has surfaced online that can infect your device sneakily. This new malware is a variant of the previously discovered Shlayer Trojan for Mac.

Heads up Mac users. A new Mac malware has surfaced online that can infect your device sneakily. This new malware is a variant of the previously discovered Shlayer Trojan for Mac.
Shlayer Trojan Malware Variant Found Researchers from Intego have found a new malware targeting Mac device. Identified as Shlayer variant, this Mac malware is active in the wild aiming at Apple users.

Sharing the details in a post, the researchers explained that this malware is robust enough to bypass the macOS built-in security. Moreover, it also strives to remain under the radar as it escapes antivirus detection. Briefly, the attackers have deployed various malicious websites on the internet.

Clicking any of these links can then trigger the attack. It begins with a prompt showing a fake Adobe Flash Player installer which is actually a Trojan on .dmg disk image. Following the download, the disk image will show up the instructions for installation, following which launches the ‘installer app’.

This installer then executes the malware in the background that keeps hidden. Whereas, it also downloads the legit Adobe Flash Player as well to trick the user. All of this happens within a few seconds giving no hint to the user about the malware. Since the malicious Mac app comes within a password-protected .zip file which is further hidden within a bash shell script, the malware evades antivirus detection.

This Mac app can then communicate with the C&C servers to download and install other malware. Although, the threat actors behind this campaign haven’t bothered to get an Apple Developer Account. However, they still manage to bypass macOS Catalina security prompt as they direct the users to open the app after right-clicking on the file. In this way, the warning prompt still gives an option for the user to open the app.

Hence, the victim is likely to install the malware. Malicious Links Present In Google Search Results What makes this campaign dangerous for the users is that the malicious websites distributing the links easily appear on Google Search results. Though, according to the researchers, this has been happening for almost a decade.


This is far from the first time that search engine results have led to in-browser fake dialog boxes and malicious downloads; this has been happening for more than a decade.

This isn’t specific to Google only, rather any search engine may face such issues.
Though, the search engines may work vigilantly to keep such malicious links out of the search results. As for the users, this campaign is nothing more than a reminder about how they should browse the internet.
Not every link appearing in Google Search results is reliable. Hence, users should never use any untrusted web links to download any software. Let us know your thoughts in the comments.

 

Sponsored Ads:

Comments:


MediaTek shows the world’s first live demos of Wi-Fi 7 technology

Category: IT|Jan 22, 2022 | Author: Admin

iOS 15-hole leaked private Apple ID data to third-party apps

Category: Apple|Jan 21, 2022 | Author: Admin

Had to crisis-postpone new 5G standard in the US to avoid plane chaos

Category: IT|Jan 20, 2022 | Author: Admin

No one found out that the iPhone 13 is missing this until now

Category: Apple|Jan 19, 2022 | Author: Admin

Safari leaks your browser history

Category: General|Jan 18, 2022 | Author: Admin

Chromium Trouble - Can't change default search engine anymore

Category: Google|Jan 17, 2022 | Author: Admin

Here, developers are allowed by Apple to offer alternative payment methods

Category: Apple|Jan 16, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Category: Microsoft|Jan 15, 2022 | Author: Admin

Now Meta gets the authorities on its neck, again

Category: General|Jan 14, 2022 | Author: Admin

Has invested heavily in podcasts - now Spotify is closing down the studio

Category: General|Jan 13, 2022 | Author: Admin

Claims HomePod mini is on its way to Norway

Category: General|Jan 12, 2022 | Author: Admin

Linux gets the function everyone wants

Category: IT|Jan 11, 2022 | Author: Admin

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Category: General|Jan 10, 2022 | Author: Admin

Dice continues to destroy for himself: removed favorite from Battlefield 2042

Category: General|Jan 9, 2022 | Author: Admin

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

Category: IT|Jan 8, 2022 | Author: Admin
more