top of page
  • Admin

MacOS Trojan Tries To Shlay You

Published: February 10, 2020 on our newsletter Security Fraud News & Alerts Newsletter.

You don’t think it can happen to you…but it can. For a long time, that still persists, MacOS users have been under the impression that they are immune to downloading and installing malware; or at least much less at risk. While generally true compared to the Microsoft Windows operating system, there are still risks. Case in point, the Shlayer Trojan. Researchers at Kaspersky reported that around 10% of all Macs were attacked with this in 2019.

So how does it work? Well, it is a sneaky little thing. It doesn’t actually harm the computer, but acts as a delivery tool for various other types of malware. If a user clicks an infected link, that’s when Shlayer gets to work. Often times, the user is directed to advertising pages, but a common trick is to convince the user that an outdated version of Adobe Flash Player needs to be updated. A dialogue box pops up with an option to “Download Flash.” If that is clicked, then the trouble begins. It continues with an installation process. Sometimes, the user is asked to install a “Safari Extension,” which is actually a fake dialogue. If that continues, the machine has been infected. While a lot of the time it’s an annoying overabundance of ads, other types of more malicious malware has also been seen.

It’s been said over and over, but using Adobe Flash is not advised. It’s so full of bugs and trouble that it’s just not worth the risk anymore. Most websites don’t require it anymore and some browsers just don’t even allow it. If it is installed on your machine, try to disable it and see if it has any negative effect on your day to day activity. If not, just remove it completely. If you must have it installed, don’t trust dialogue boxes that pop up out of nowhere. Instead, go to Adobe’s website and check for updates directly from there.

In general, be wary of clicking links that you are not 100% certain are safe and won’t lead you to a malware infection. If they arrive in email, definitely don’t click unless you are expecting to receive it. In this case, and certainly many others, malicious links were planted in YouTube video descriptions. Sometimes, they are planted in user group boards, such as on Facebook.

Kaspersky reports that Shlayer accounts for 30% of all MacOS Trojans detected and while infection rates have stabilized a bit, it’s still very prevalent.

Want to schedule a conversation? Please email us at

7 views0 comments


bottom of page