
Nasty Mac malware is circulating on Google with you in its sights


A new form of Mac malware spread via malicious Google search results has been discovered by Mac antivirus maker Intego.

The malware can get past some of Apple's security protections and antivirus software by masquerading as an Adobe Flash Player update -- but in this case, the Flash update is real.

This is a new variant of the Shlayer malware, which Intego discovered in 2018 and which has been causing havoc for Mac OS users ever since. Kaspersky estimated Shlayer was responsible for 30% of all Mac malware attacks in 2019.


Writing in a blog post, Intego chief security analyst Joshua Long explained how this new variant appears, as previous versions of Shlayer have, as an Adobe Flash Player installer.

He said: "After the deceptive Flash Player installer is downloaded and opened on a victim's Mac, the disk image will mount and display instructions on how to install it. The instructions tell users to first 'right-click' on flashInstaller and select Open, then to click Open in the resulting dialog box."

But at this point, it takes a different path than earlier Shlayer variants.

"If a user follows the instructions, the 'installer app' launches," Long added. "While the installer has a Flash Player icon and looks like a normal Mac app, it's actually a bash shell script that will briefly open and run itself in the Terminal app."

A bash shell is a Unix-compatible command-prompt framework, but the resulting Terminal window comes and goes so fast -- "a split second," Long writes -- that the user probably won't notice.

To trick users, a genuine Adobe Flash Player installer is downloaded onto the user's Mac. The installer is "signed" with Adobe's Apple developer signature, so it will sail right past the Gatekeeper program that screens out unsigned software.

Meanwhile, the shell script also installs a hidden downloader that can install more malware and adware -- in other words, Shlayer.

Long explained that the developers' decision to hide the downloader inside a password-protected .zip file -- and in turn to hide that within a bash shell script -- is a novel idea and "clear evidence" of "trying to evade detection by antivirus software."
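
A defender-side check for the packaging Long describes, as an added example that is not from Intego or the original article: it reads an app bundle's Info.plist, tests whether the main executable is a script rather than a compiled binary, and looks for an encrypted ZIP entry inside it. It assumes the archive sits as raw bytes inside the script file; `inspect_app_bundle`, `embedded_zip_entries` and `make_constructed_bundle` are hypothetical names, and the sample bundle is constructed and harmless.

```python
import plistlib
import struct
from pathlib import Path

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature of a ZIP local file header
ENCRYPTED_FLAG = 0x0001           # general-purpose flag bit 0: entry is encrypted

def embedded_zip_entries(data):
    """Yield (offset, encrypted) for each ZIP local file header found in data."""
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        if pos + 8 <= len(data):  # flags field sits at bytes 6-7 of the header
            (flags,) = struct.unpack_from("<H", data, pos + 6)
            yield pos, bool(flags & ENCRYPTED_FLAG)
        pos = data.find(ZIP_LOCAL_HEADER, pos + 4)

def inspect_app_bundle(app_path):
    """Report whether a bundle's main executable is a script carrying a ZIP."""
    app = Path(app_path)
    with open(app / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    # assumption: use the bundle name if CFBundleExecutable is missing
    exe = app / "Contents" / "MacOS" / info.get("CFBundleExecutable", app.stem)
    data = exe.read_bytes()
    is_script = data.startswith(b"#!")
    entries = list(embedded_zip_entries(data))
    encrypted = any(enc for _, enc in entries)
    shebang = data.split(b"\n", 1)[0][2:].decode("ascii", "replace").strip()
    return {
        "executable": exe.name,
        "is_script": is_script,
        "interpreter": shebang if is_script else None,
        "embedded_zip": bool(entries),
        "encrypted_zip": encrypted,
        # only a script with an encrypted payload matches the described packaging
        "suspicious": is_script and encrypted,
    }

def make_constructed_bundle(root, encrypted=True):
    """Build a harmless, constructed sample bundle for exercising the check."""
    app = Path(root) / "Sample.app"
    (app / "Contents" / "MacOS").mkdir(parents=True)
    with open(app / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "sample"}, fh)
    header = struct.pack("<4sHHHHHIIIHH", ZIP_LOCAL_HEADER, 20, int(encrypted),
                         0, 0, 0, 0, 0, 0, 1, 0) + b"x"  # one empty entry named "x"
    script = b"#!/bin/bash\necho constructed sample\nexit 0\n"
    (app / "Contents" / "MacOS" / "sample").write_bytes(script + header)
    return app
```

A compiled executable can contain the four signature bytes by chance, which is why the `suspicious` verdict also requires the script shebang.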


Spreading like wildfire

Long explained that Intego's research team came across this new Shlayer strain when searching for YouTube videos on Google. Clicking on a malicious search result would take the user to a page warning that Flash Player needed to be updated.

"The same thing could happen with any search engine: Bing, Yahoo!, DuckDuckGo, Startpage, Ecosia, or any others," Long wrote.

The crooks used deceptive warnings and fake dialog boxes to trick people into downloading the updated version of Flash, which was actually malware. (Previous versions of Shlayer tended to use online ads rather than search-engine results to lure victims to malicious pages.)

Intego has since contacted Google to make it aware of the malicious search results, and claimed that its antivirus is only capable of tackling such malware.

To protect yourself from Shlayer and similar Mac malware, don't update or install Adobe Flash Player, especially when a webpage prompts you to do so. Flash is being phased out, and not many websites use it any more.

We'd normally tell you that the best Mac antivirus software will protect you from this new threat, but as Intego's blog post pointed out, very few of the antivirus malware-scanning engines listed on VirusTotal detect this new Shlayer variant yet.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!

