Beware of New Mac Malware Spreading via Poisoned Google Search Results

Researchers have detected a new wave of Mac malware that is spreading via poisoned Google search results.

This malware is quite tricky: it tricks victims into bypassing Apple’s built-in macOS security protections.

The malware also uses sneaky tactics to evade antivirus detection. According to the security firm, this is a new variant of the Shlayer malware, which has been causing trouble for macOS users.

Kaspersky estimated that Shlayer was responsible for 30% of all Mac malware attacks in 2019. The malware disguises itself as an Adobe Flash Player installer, but once downloaded it takes a crafty route to infection, all in the name of avoiding detection.

Mac Malware Shlayer

Intego classifies the new malware as distinct new variants of OSX/Shlayer, the initial variant of which Intego first identified in 2018. This OSX/Bundlore has various similarities to previous versions of OSX/MacOffers and Mughthesec/BundleMeUp/Adload.

The Mac malware Shlayer poses as a file that appears to be an update for a modern media player, but when launched it instead runs scripts that download other unwanted applications onto the infected computer.

This malware is a new version of the earlier Mac malware, recently updated to be delivered as a Trojan horse application on a .dmg disk image, masquerading as an Adobe Flash Player installer. It spreads through Google search results that redirect users to malicious webpages claiming that the browser’s Flash Player is out of date.

Mac Malware Shlayer spreading like wildfire

According to Intego's report, this malware is spreading via Google search results: users searching Google for YouTube videos are being redirected to malicious webpages. If the user clicks on a malicious search result, it takes them to a page showing a notice that Flash Player needs to be updated.

Moreover, the threat actors use fake dialog boxes to fool users into downloading the "updated version" of Flash, which is actually malware.

Intego has informed Google about this malware and says that its antivirus is capable of catching it. Intego also advises users not to update or install Adobe Flash Player, especially when a webpage tells them to do so. Flash is becoming outdated, and few websites use it anymore.

How to Remove this Malware?

According to Intego, this malware can be identified and eliminated with its new application, Intego VirusBarrier X9, combined with Intego’s Mac Premium Bundle X9.

Every search engine faces challenges in trying to stop infected search results that lead to malware. Google claims that it will protect users from all new threats; still, Intego stated that very few of the antivirus scanning tools on VirusTotal can detect this new Shlayer variant.


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
