General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsThe Sneaky Simple Malware That Hits Millions of Macs
https://www.wired.com/story/macos-shlayer-trojan-adware/The popular misconception that Macs dont get viruses has become a lot less popular in recent years, as Apple devices have weathered their fair share of bugs. But its still surprising that the most prolific malware on macOSby one count, affecting one in 10 devicesis so relatively crude.
This week, antivirus company Kaspersky detailed the 10 most common threats its macOS users encountered in 2019. At the top of the list: the Shlayer Trojan, which hit 10 percent of all of the Macs Kaspersky monitors, and accounted for nearly a third of detections overall. Its led the pack since it first arrived in February 2018.
Youd think that such prevalence could only be achieved by comparable sophistication. Not so! From a technical viewpoint Shlayer is a rather ordinary piece of malware, Kaspersky wrote in its analysis. In fact, it relies on some of the oldest tricks in the books: convincing people to click on a bad link, then pushing a fake Adobe Flash update. Even the trojans payload turns out to be ho-hum: garden variety adware.
Shlayers brilliance, it turns out, lies less in its code than its method of distribution. The operators behind the trojan reportedly offer website owners, YouTubers, and Wikipedia editors a cut if they push visitors toward a malicious download. A complicit domain might prompt a phony Flash download, while a shortened or masked link in a YouTube videos description or Wikipedia footnote might initiate the same. Kaspersky says it counted more than 1,000 partner sites distributing Shlayer. One individual, Kaspersky says, currently owns 700 domains that redirect to Shlayer download landing pages.
<more>
Fiendish Thingy
(15,622 posts)Thats the final protection Macs offer from malware that Windows machines dont - if youre not vigilant about where you download stuff from, youll get burned.
Flash is the worst offender- I have it disabled on all but one app, and then only to watch YouTube, no other websites.
Big Blue Marble
(5,091 posts)Jane Austin
(9,199 posts)Thanks.
Big Blue Marble
(5,091 posts)When they do, I just leave. If I really want to see it, I can always go to iOS which works great without it Flash.
I decided several years ago Flash had too many vulnerabilities to run on my computers.
Jane Austin
(9,199 posts)By iOS, do you mean the Macintosh operating system?
Thanks.
Big Blue Marble
(5,091 posts)I do use a Mac computer but do not have Flash. I really seldom encounter sites that want it.
They are always sites I can skip. As I said, it is just not worth the risk.
Some sites that do not work well with Macs wlll work just fine with iAds and iPhones when you
really want to access the video which is hardly ever.
Jane Austin
(9,199 posts)I really appreciate ite.