In 2019, Kaspersky blocked attacks carried out by Shlayer, a malicious Trojan family, on at least 10% of devices running Kaspersky solutions for Mac protection, making this threat the most prevalent for macOS users. A clever malware distribution system spreads it through a network of affiliates, entertainment websites and even Wikipedia, proving that even users who only visit legitimate sites still need extra protection when online.
Although macOS has traditionally been considered a much more secure system, there are still digital criminals trying to take advantage of users of this software. Based on Kaspersky statistics, Shlayer is a good example. It specializes in installing adware: programs that terrorize users by distributing illegal ads, eavesdropping on and gathering users' browser searches, and modifying search results to distribute even more advertising messages. Shlayer's share of all attacks on macOS devices recorded by Kaspersky products in the period January-November 2019 amounted to almost 1/3 (29.28%).
The "infection" process often consists of two phases: first the user installs Shlayer, and then the malware installs a selected type of adware. However, the "infection" of the device starts with an unsuspecting user who downloads the malicious program. To gain access, the malicious actor behind Shlayer has set up a malware distribution system with a number of channels that lead users to "download" the malware.
Shlayer is offered as a way to monetize websites through various affiliate advertising programs, with a relatively high payment for every malware installation made by US users, with more than 1,000 "partner sites" distributing Shlayer.
This scheme works as follows: a user searches for a TV series episode or a football match and the ad pages redirect them to fake Flash Player update pages. From here the victim will "download" the malware. Thus, the partner who distributes links to the malware receives payment for each installation.
Other schemes lead to a fake Adobe Flash update page by redirecting users from various major online services visited by millions of users, including YouTube, where links redirecting to the malicious site were included in video descriptions, and Wikipedia, where such links were hidden in article references.
Users clicking on these links were also redirected to the main Shlayer download pages. Kaspersky's researchers found 700 malicious domains, links to which were found on various legitimate websites.
Almost all websites that lead to a fake Flash Player had content in English, with the USA (31%), Germany (14%), France (10%) and the United Kingdom (10%) being the countries that received the most attacks.
"The macOS platform is a good source of revenue for cybercriminals, who are constantly looking for new ways to trick users, and heavily use social engineering techniques to spread their malware. This case demonstrates that such threats can be found even on legitimate websites. Fortunately for macOS users, the most prevalent threats targeting macOS currently revolve around the distribution of illegal ads rather than something more dangerous like theft of financial data. A good online security solution can protect users from threats like these, making the experience of browsing the web safe and enjoyable," said Anton Ivanov, security analyst at Kaspersky.
To reduce the risk of "infection" with Trojans such as Shlayer, Kaspersky recommends:
- Install programs and updates only from trusted sources.
- Find out more about the entertainment site you plan to visit: search for its name online and try to find comments about it.
- Use a reliable security solution that provides advanced protection for Macs as well as PCs and laptops.
More information can be found on the dedicated website Securelist.com.