Shlayer Mac Malware Returns with Extra Sneakiness

silversurfer

A fresh variant of the Shlayer Mac OSX malware with advanced stealth capabilities has been spotted in the wild, actively using poisoned Google search results in order to find its victims.

According to researchers at Intego, the malware, like many malware samples before it, is purporting to be an Adobe Flash Player installer. However, it has its own unique characteristics: It takes a crafty road to infection once it’s downloaded, all in the name of evading detection. To start with, the masquerading “installer” is downloaded as a .DMG disk image, according to Intego’s analysis.

“After the deceptive Flash Player installer is downloaded and opened on a victim’s Mac, the disk image will mount and display instructions on how to install it,” explained Joshua Long, chief security analyst at Intego, in a posting on Monday.

Oddly, the instructions tell users to first right-click on the Flash Installer and select “Open,” and then to click Open in the resulting dialog box. But this “may be a bit puzzling to many casual Mac users,” Long pointed out. “Unlike typical Windows PCs, there is no obvious right-side button on Apple mice and trackpads. Therefore, novice Mac users may not know how to do the Mac equivalent of a right-click, and therefore may not understand how to run the malware installer script.”
 

MacDefender

Wonderful, I expect some calls from my parents.....
They don’t believe in Trojan horses. Not even joking! They once downloaded some free movie plugin scam that ended up using 100% CPU and all of their network bandwidth doing who knows what.... and they were like “well it played the movie just fine so it must have been legitimate, are you sure it wasn’t something else?”
 
