The Shlayer virus sounds pretty scary.
You may have never heard of it before, but scarier than the virus itself is just how widespread it is across Mac devices, and what's really surprising is how it spreads.
Now, you've probably heard the whole idea that "Oh, Macs don't get viruses." That just isn't true, obviously, though in the past it was much rarer for a
Which is absolutely insane. I mean, if you're using a Mac right now there's a slight chance yours is infected right now. So you might be thinking, well, if this virus is so widespread, it must be super sophisticated and dangerous, but that's not really the case.
Via @ThioJoe
So what exactly does this virus do?
Well, it usually infects users by convincing them to install a fake Adobe Flash update, and the payload is often just some kind of adware, which makes money by inserting spammy ads onto sites you visit. But the most interesting part about the virus is really how it's distributed. You see, the virus creators basically created an affiliate program. Yes, like a legitimate business that has an affiliate program for selling real products, like Amazon has for example, except this virus actually pays shady people who distribute links around the web: when someone is infected, whoever posted the link gets paid a fee.
According to Kaspersky, they've counted over 1,000 domains distributing it, and that also includes places like YouTube video descriptions and even Wikipedia page reference links. Apparently in many of these cases a sketchy person will find legitimate links that go to expired domains, then buy up the domains and redirect them to the virus.
Another common type of site it's found on is those claiming to have TV episodes and movies to stream, but then when you actually try to watch, it requires you to install an Adobe update, which then infects you. Now, one thing to point out is that the Shlayer trojan itself is basically just a delivery mechanism, and the payload itself, meaning the actual malware it installs, could be one of several, and in basically all these cases it's been adware. So for example, once installed it will track searches you make on Google, then insert its own links into the results. If you're curious about the details, most recently the payload Shlayer has been installing is adware called Cimpli (I'm not sure how to pronounce it), and with this one, when you go to install the fake update, it will also attempt to install a malicious Safari extension.
macOS will show a warning about this, of course, but here's the tricky part - during the installation the virus will generate a pop-up that overlays the warning, saying something like "installation complete", and then when you click on that, it somehow passes the click through to dismiss the Mac's warning.
Then, like I said, the malicious extension will change page content and links, and it also installs a trusted encryption certificate so it can even intercept encrypted (HTTPS) traffic.
So, basically, it's like a man-in-the-middle attack, and other than that it's pretty hidden, so unless you become suspicious of the links it inserts you probably won't even know you're infected. Of course, having antivirus software would hopefully be able to detect and remove it. What's especially concerning with this virus, at least I think, is that the attack vector is basically the oldest trick in the book.
Those fake streaming websites requiring a video player or special codec or whatever are practically as old as the internet itself.
So the fact that people are still falling for it is really surprising, and this Shlayer virus itself is not even new; it's been around for like two years now. As for how to protect against it, I mean obviously you need to have some common sense: if you're on some sketchy website trying to view bootleg TV streams and you get a pop-up to install anything, that should be the biggest red flag ever.
Also, realize that Adobe Flash is rarely used by anything anymore and is being deprecated by nearly all web browsers anyway. And of course you should probably have some form of antivirus installed. On Windows, for many people just having the built-in Windows Defender is OK, as long as you exercise common sense, but if you recognize yourself as not very good with computers, that's fine, you should probably have something a bit more robust in terms of antivirus. On Mac, it was my understanding that it does have built-in antivirus functionality, but apparently it's not very good, otherwise we wouldn't have 10% of Macs being infected with such a rudimentary virus.
So it seems like going with a paid option is probably the best choice. Another important thing to point out is that this virus actually requires the user to download and install it; it's not like a drive-by attack. So if you are just extra suspicious about what you download and install, specifically software you didn't actually seek out, you should be mostly fine. But if any website tells you to install some software, even something you're familiar with like Adobe Flash, then if anything just go to the actual Adobe website yourself; don't download it from the site that prompted you. And remember, at this point anything requiring an Adobe Flash update is probably a scam anyway.
If your Mac has been affected, search YouTube or Google for "How to remove Shlayer virus from your Mac" or something like that.
By - Ifti Ahmed