Shlayer Trojan Attacks One In Ten MacOS Users (Jan 23, 2020)
Being active since May 2018, Shlayer today has caused one in ten macOS users confronted with the trojan downloader with it making up 30% of all malware detections on mac systems. Shlayer is distributed by initially appearing as other services such as looking for live streams of sports events or download tools e.g. Adobe Flash Player. Users are redirected to web pages that appear as legitimate to encourage users to download Shlayer thinking it is something else. The malware has been seen in links of Youtube videos and Wikipedia articles. Once the malware mounts the mac’s DMG image, the user will be asked to install a file, but the installer actually contains several python scripts with one being able to acquire the user ID, system id and other details about the version of macOS. Once Shlayer has carried out all its tasks, the trojan will delete the downloaded archive and any of its unpacked contents to remove indication of infection. America is the main target making up 31% of all targets with Germany coming in second at 14%.
Recommendation: This story is an example of social engineering tactics threat actors use to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown user requests, and particularly cautious when receiving communication from unknown users. Even if callers state they are from the bank or another trusted entity, it is best practice to not access unknown websites that are given by the callers unless officially verified. If you are unsure about the legitimacy regarding security modules, contact the company behind the product to be ensured that it is legitimate
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.