
Thousands of websites distribute macOS malware

Kaspersky prevented attacks carried out by Shlayer, a malware Trojan family, last year

Shlayer is offered as a way to monetize websites in a number of file partner programs, with relatively high payment for each malware installation made by American users, prompting over 1,000 ‘partner sites’ to distribute it.

Kaspersky Solutions for Mac prevented attacks on at least one out of every ten Mac devices, making this threat the most widespread for macOS users.

A smart malware distribution system, it spreads via a partner network, entertainment websites and even Wikipedia, demonstrating that even users who only visit legal sites still need additional protection online. Although macOS is traditionally considered a much safer and more secure system, cybercriminals are still trying their luck at profiting from macOS users.

Based on Kaspersky statistics, Shlayer - the most widespread macOS threat in 2019 - is a good example of that. It specializes in installation of adware – programs that terrorize users by feeding illicit ads, intercepting and gathering users’ browser queries, and modifying search results to distribute even more advertising messages.

Shlayer’s share among all attacks on macOS devices registered by Kaspersky products in January - November 2019 amounted to almost a third (29.28%), with nearly all other top 10 macOS threats being the adware that Shlayer installs: AdWare.OSX.Bnodlero, AdWare.OSX.Geonei, AdWare.OSX.Pirrit and AdWare.OSX.Cimpli. Furthermore, ever since Shlayer was first detected, its infection algorithm has hardly changed, yet its activity has barely decreased, making it an especially relevant threat that users need protection from.

The infection process often consists of two phases – first the user installs Shlayer, then the malware installs a selected type of adware. Device infection, however, starts with an unwitting user downloading the malicious program. To achieve installations, the threat actor behind Shlayer set up a malware distribution system with a number of channels leading users to download the malware.

This scheme works as follows: a user looks for a TV series episode or a football match, and advertising landing pages redirect them to fake Flash Player update pages. From here the victim would download the malware. For each such installation, the partner who distributed links to the malware receives a pay-per-install payment.
