Thousands of websites distribute macOS malware - Shlayer, reports Kaspersky

Kaspersky prevented at least one attack carried out by Shlayer on every 10th system using Kaspersky solutions for Mac, said the global cybersecurity provider in a press release.

Shlayer is a smart malware distribution system that spreads through entertainment websites, partner network and information websites like Wikipedia which indicates that users that only visit legal online sites need additional protection.

Although macOS traditionally is considered as a secure and safer system, cybercriminals still try their hands on to profit from macOS users'.

According to the statistics of Shlayer - the most widespread macOS threat in 2019 - is an example to explain the same.

It specialises in the installation of adware - programs that are known to terrorise users by feeding them illicit ads, intercepting and gathering users' browser queries, and modifying search results to distribute even more advertising messages.

According to Kaspersky's data, the share of Shalyer in all attacks on macOS registered between January and November 2019 amounts to a third or 29.28 percent.

In addition to that, nearly all other top macOS threats are the adware that Shlayer installs including AdWare.OSX.Bnodlero, AdWare.OSX.Geonei, AdWare.OSX.Pirrit and AdWare.OSX.Cimpli.

Since the first detection of Shlayer, its infection algorithm hasn't changed much, despite its activity decreasing barely, thus, making it an especially relevant threat that users need protection from.

The process of infection consists of two phases - during first, the user is made to install Shlayer following which the malware installs a selected type of adware. This leads to infection of the device.

For achieving installations, the threat actor behind Shlayer sets up a malware distribution system with a number of channels leading users to download the malware.

Shlayer is offered to American users as a means to monetise websites in a number of file partner programs, with relatively high payment for each malware installation which prompts over 1,000 'partner sites' to further distribute Shlayer.

The attack takes place usually through a fake Adobe Flash update page that redirect users from various large online services with huge audiences, including YouTube, where links to the malicious website are often included in video descriptions.

Users that click on these links would also get redirected to the Shlayer download landing pages.

Almost all of the websites which lead to a fake Flash Player contain english content.

This corresponds with the top countries where users have been affected by the threat - the USA (31 per cent), India (18.9 per cent), Germany (14 per cent), France (10 per cent) and the UK (10 per cent).

"The macOS platform is a good source of revenue for cybercriminals, who are constantly looking for new ways to deceive users, and actively use social engineering techniques to spread their malware. This case demonstrates that such threats can be found even on legitimate sites," said Kaspersky security analyst, Anton Ivanov.

"Luckily for macOS users, the most widespread threats that target macOS currently revolve around feeding illicit advertising rather than something more dangerous, such as stealing financial data. A good web security solution can protect users from threats such as these, making the experience of searching the websafe and pleasant," added Ivanov.

Further Kaspersky recommends installing and updating programs only from trusted sources to reduce the risk of infection. Finding more information about the entertainment website and scanning its reputation also helps.

( With inputs from ANI )