At least 10% were affected
Kaspersky’s Cyberthreat group, Securelist made research that revealed, 1 in every 10 Macs (or 10%) out there were infected with this new trojan called Shlayer. The team said, Unlike others, makers of this malware have chosen a new patch for infecting users. They’re betting on trending events or popular shows to create a fake website and push themselves up in search results of the web. And if anyone appealing yo such events visit that site, it prompts them to install additional resources to function. These could be like updating the Flash player, adding an extension, downloading additional files etc. Attackers use sophisticated means to embed those fake website links into top web results, YouTube videos and even in Wikipedia articles! And when attempted to update things like fake Flash player, it turns out as a Shlayer malware that infects the PC. Upon installation of that, it further prompts to install another software, which is basically just another malware. This happens on the name of Adobe Player or even BlueStacks App Player! And proceeding with this installation is further harmful. Interestingly, options as Next and Skip are of no use, you gotta get this malware installed anyway in the background.
Affects and Defense
This malware installs a browser extension into Safari, which monitors the victim’s search activity, browsing habits, and can sometimes redirect the user to other search engines. After this, it will install SearchSkilledData, which is a mitmdump proxy through which the stolen data is being sent to the attacker. Alongside, a trusted certificate is installed too for modifying the HTTPS traffic and results, injecting scripts and ads onto any web page. Safeguarding against such attacks is simple. Relying on tough antivirus softwares for flagging them is one, or being cautious while browsing is another. Whenever you’re trying to watch a video or play a simple game online, and the website prompts to install an update, close and leave it. There’s something fishy being pushed to vulnerable victims always. Images Source: Securelist | Via BleepingComputer