Malware has evolved over the years, and threat reports show that malicious activity has been detected on Apple systems too. If you think that only advanced malware can target devices like the Mac, think again.
Security researchers have described a particular piece of malware that targets macOS users and tricks them into downloading and installing malicious software. According to the experts, it is the most widespread macOS malware.
Researchers at Kaspersky say that Apple systems are a frequent target of malware called the Shlayer Trojan. The experts from the Moscow-based cybersecurity company stated that the Trojan, which has been active since at least early 2018, became the most common threat to macOS in 2019. Almost 10 percent of all Mac systems were attacked by it, and Shlayer by itself represents 30 percent of all the Trojans identified on macOS.
In a report published by Kaspersky, the researchers explain that the Shlayer Trojan is a delivery mechanism for a variety of malware payloads. The malware first gets onto a Mac system and then fetches other malicious code, mostly adware, without harming the machine itself.
How does this malware attack take place?
When a Mac user clicks on a link to a malicious site, it initiates the download of the Shlayer Trojan to the user's system. Thousands of websites partner with cybercriminals to induce such downloads, says the Kaspersky report. But some legitimate sites can also run the same operation, just like compromised sites.
The report also claims that "users ended up on a page seemingly offering an Adobe Flash update. But they were redirected there from large online services boasting a multimillion-dollar audience. Time and again, we have uncovered links pointing to malware downloads in the descriptions of YouTube videos."
How does it work?
After the download completes, the user is prompted to install an app and is directed to first right-click and choose Open Package. After installation, the Shlayer Trojan downloads adware or other such malicious apps by itself. One type of malware that the Shlayer Trojan installs is a Safari extension. Before the extension can be used, macOS asks the user whether they want to use it.
This is where the Shlayer Trojan makes its smart move: while macOS is showing the warning about the unrecognized extension, the Trojan overlays the message with a fake dialog box that says the installation is complete and shows an OK button.
When users click that button, they are actually clicking the Trust button that macOS was displaying, which means they are asking the Mac to allow the installation of the software. Once the whole process is complete, the malware bombards the Mac with ads.
Kaspersky's findings
The company stated that even though the Trojan was detected almost two years ago, it is still frequent. Since February 2018, the researchers at Kaspersky have collected almost 32,000 different malicious samples of the Trojan. After studying the Trojan for years, the experts stated that they realized that "the macOS platform is a good source of revenue for cybercriminals."
In addition, the company stated that "the operation algorithm has changed little since Shlayer was first discovered, nor has its activity decreased much. [The] number of detections remains at the same level as in the first months after the malware was uncovered."