Trojan using fake Flash updates infects 1 in 10 Macs | Cult of Mac

Trojan using fake Flash updates infects 1 in 10 Macs


The Shlayer Trojan hides in fake Flash update pages like this.
Photo: Kaspersky

A dangerous piece of Mac malware that hides as a fake Flash warning is a growing security threat to Mac users with one in 10 Macs infected, according to the security firm, Kaspersky.

The Shlayer Trojan has been active since early 2018 and so far it shows no signs of going away quietly. Shlayer has had an enormous amount of success attacking Macs, even though it’s a rather normal piece of malware.

TOP 10 threats for macOS by share of users attacked, as detected by Kaspersky for macOS.
Photo: Kaspersky

There are numerous variations of the Shlayer Trojan, but security researchers at Kaspersky say it hasn’t changed much since it was first discovered in 2018. Shlayer became the most common threat to macOS by 2019. It now represents 30% of all trojans detected on macOS by Kaspersky’s security solutions.

“Having studied the Shlayer family, we can conclude that the macOS platform is a good source of revenue for cybercriminals,” reads the Kaspersky report released on Thursday. “The Trojan links even reside on legitimate resources — attackers are adept in the art of social engineering, and it is hard to predict how sophisticated the next deception technique will be.”


Watch out for Shlayer

An example of a Shlayer landing page.
Photo: Kaspersky

If you’ve ever tried to find a live broadcast of a sports event or stream an episode of a popular TV shows through shady internet sources, odds are you’ve run into Shlayer. Researchers even found links to the trojan hidden in Wikipedia references.

Shlayer is often offered up to sites as a monetization tool. It offers a pretty high installation fee compared to other adware trojans. Kaspersky’s report found more than 1000 sites distributing Shlayer. Sites point users to nicely crafted fake pages that prompt you to install the malware under the veil of a Flash Player update.

Kaspersky found that Shlayer was most prevalent in the U.S. which was hit with 31% of total attacks. Germany came in second with 14%, followed by France and the U.K. with 10% each.



Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.