Shlayer on the Sly: Packing up some Extra Sneak | Cyware Alerts


For almost two years, the Shlayer trojan has been unleashing the Kraken on the macOS platform.

What’s going on?

Recently, a fresh variant of the trojan has been discovered that uses poisoned Google searches to pick out victims. The malware is disguised as an Adobe Flash Player installer. Once downloaded, the infection is carried out in a crafty way to evade detection.

The crafty malware

  • The new variant is delivered as a trojan horse application on a DMG disk image.
  • After following the installation instructions, the installer app launches. It looks like a normal app but is a bash shell script.
  • The Mac .app is hidden within a password-protected ZIP file, which, in turn, is hidden within a bash shell script. This is a unique strategy adopted by the malware developers to evade detection.
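As a defender-side illustration of the layering described above (an added example, not code from the original alert or from any vendor tool), the heuristic below classifies a bundle's main executable by its leading bytes and walks any embedded ZIP local file headers to see whether entries are password-protected. The file name and sample bytes are constructed for the demonstration.

```python
import struct

# Magic numbers of Mach-O binaries (32/64-bit, both byte orders) and fat binaries.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
ZIP_LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature
ZIP_LOCAL_HDR = 30             # fixed-size part of that header

def classify_executable(data: bytes) -> str:
    """Classify a bundle's main executable by its leading bytes."""
    if data[:2] == b"#!":
        return "shell-script"
    if data[:4] in MACHO_MAGICS:
        return "mach-o"
    return "other"

def find_zip_entries(data: bytes) -> list:
    """Return (offset, name, encrypted) for each ZIP local file header found.
    Bit 0 of the header's general-purpose flags marks a password-protected entry."""
    entries = []
    pos = data.find(ZIP_LOCAL_SIG)
    while pos != -1 and pos + ZIP_LOCAL_HDR <= len(data):
        flags, = struct.unpack_from("<H", data, pos + 6)
        name_len, = struct.unpack_from("<H", data, pos + 26)
        name = data[pos + ZIP_LOCAL_HDR:pos + ZIP_LOCAL_HDR + name_len]
        entries.append((pos, name.decode("utf-8", "replace"), bool(flags & 1)))
        pos = data.find(ZIP_LOCAL_SIG, pos + len(ZIP_LOCAL_SIG))
    return entries

def assess(data: bytes) -> dict:
    """Flag a shell-script executable that carries a password-protected ZIP."""
    kind = classify_executable(data)
    entries = find_zip_entries(data)
    encrypted = sum(1 for e in entries if e[2])
    return {"kind": kind,
            "zip_entries": [e[1] for e in entries],
            "encrypted_entries": encrypted,
            "suspicious": kind == "shell-script" and encrypted > 0}

def build_sample() -> bytes:
    """Constructed test input (not a real sample): bash stub + one encrypted ZIP entry."""
    stub = b"#!/bin/bash\n# constructed stand-in for the installer stub\nexit 0\n"
    name = b"Payload.app/Contents/MacOS/Payload"
    # sig, version, flags (bit 0 = encrypted), method, time, date, crc, csize, usize, name_len, extra_len
    hdr = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, 0, 0, 0, 16, 4, len(name), 0)
    return stub + hdr + name + b"\x00" * 16

if __name__ == "__main__":
    print(assess(build_sample()))
```

A genuine Mach-O main executable yields `kind == "mach-o"` and is never flagged, so the check isolates the script-wrapping-an-archive pattern rather than any use of ZIP.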

Worth noting

  • Not only Google, but other search engines, such as DuckDuckGo, Bing, Yahoo, Ecosia, and Startpage, are also likely targeted by this malware.
  • Interestingly enough, FlashDownloader, the company name mentioned in the new Shlayer variant, is also tied to a web browser with a built-in free VPN for Windows, claiming that a Mac version is on the way.
  • As of now, it remains unclear how many sites are offering this specific variant of the malware and how many types of search results are poisoned.
  • The IOCs for the Shlayer malware can be found here.

The bottom line is that the malware variant is new and the rate of infections has not yet been determined. However, going by the notorious history of the Shlayer malware family, it is fair to say that macOS remains a lucrative platform for the threat actors behind it.
