Shlayer-type trojan malware now spreading through Google search

Shlayer-type trojan malware now spreading through Google search

Google may be the world’s biggest search engine, but that doesn’t mean you can fully trust it to take you to safe websites every time. Just like how ordinary sites can manipulate search engine results, hackers are taking advantage of Google’s algorithms to spread malware and phishing scams.

And don’t think using a Mac makes you any safer in the long run. In 2019, instances of malware for Macs spiked at a whopping 16%. Tap or click here to see if your Mac is at risk for infection.

As bad as this statistic is, it’s only the beginning of what looks like a rising trend. And now, a specialty malware has been discovered circulating on Google that can bypass certain computers’ built-in security systems. Here’s what to look for, and what you can do to keep it out of your hardware.

New malware targeting Macs discovered in Google search results

A bizarre new malware has been discovered that targets Macs with deceptive popups and tricky installer files. The malware, a variant of the Shlayer trojan, was discovered by security researchers at Intego who found it while performing searches on Google. Tap or click here to learn more about Shlayer-type malware and their companions.

According to Intego, it can be all-too-easy to discover the malware while searching for specific YouTube videos via the Google search results page.

Several non-YouTube links that appear in search results will redirect you multiple times to landing pages that claim your Adobe Flash is out of date. The popup will be highly detailed and realistic-looking, which is how it tricks you into downloading the malicious file.

Once it’s on your system, the website instructs you to right-click the installer file and click Open. The malware then opens a Terminal window, runs some code, and disappears into the recesses of your computer. For its last trick, it opens a legitimate Flash player install file that downloads the real update to your computer. It’s a true vanishing act!

Infected computers will then experience significant slowdowns and bugs, as well as a barrage of new popups and ads that appear whenever you open a web browser.

How does such a file even make its way on to a Mac? What’s more, how does it trick your computer into appearing as the real-deal Flash player? As it turns out, all it takes is a bit of social engineering combined with some clever programming.

How does this program install itself if my Mac is supposed to be safe? What can I do?

The secret behind this variant of the Shlayer malware lies in its deceptive instruction guide. When you’re greeted with the “Update your Flash player” popup on the landing page, the instructions tell you to “right-click” the installer file to open it. Doing this actually lets you bypass your Mac’s built-in protections that only allow Apple-signed software to install.

And once it’s fully installed, the app kills its own icon and all other traces of its existence. This is further proof that the app is trying to hide from antivirus software so it can spam you with advertisements.

Despite the fact that it can bypass antivirus software, you can actually protect yourself without even running a scan. If you see any, and we mean any popups that tell you to update your Flash player, don’t click them. Instead, visit Adobe’s official website to see if a Flash player update is even necessary.

If an update is available for you, you should install it — but make sure to only download the files from the official Adobe website. Using any other source can put your computer at risk for infection.

At the same time, you may also want to invest in a Mac-centric antivirus program. With cases of Apple-targeted malware skyrocketing, it’s only a matter of time before one tries to attack your system. Tap or click here to see our favorite anti-malware for Mac along with other essential security programs you can download for free.


Source : Shlayer-type trojan malware now spreading through Google search