News & Press Releases

OSX/Shlayer: New Mac malware comes out of its shell

Seattle, WA, FEBRUARY, 2018
Over the weekend, Intego researchers discovered multiple variants of new Mac malware, OSX/Shlayer, that leverages a unique technique.

Although malware that disguises itself as an update to Adobe Flash Player is nothing new, some of the latest incarnations of fake Flash Player installers have an unusual method of downloading additional content.

Intego researchers found OSX/Shlayer spreading via BitTorrent file-sharing sites, where it appears as a fake Flash Player update when a user attempts to select a link to copy a torrent magnet link.

Torrent sites are notorious for distributing malware and adware, sometimes through misleading advertisements, and sometimes through Trojan horse downloads that claim to be “cracks” or that may contain infected copies of legitimate software (watch our recent interview with Amit Serper or read our article Why BitTorrent Sites Are a Malware Cesspool to learn more about the dangers of torrent sites).

Even if you don’t use torrent sites, you may encounter other sites that claim you need to update Flash Player; in most cases, this is actually an attempt to install malware on your computer.

On some of the malware distribution pages, the fake Flash Player alerts are customized to your browser. If you’re using Mozilla Firefox, you may see an upward-facing arrow appear pointing to the browser toolbar that indicates that there is a recent download available to open.

If you’re using Google Chrome, you may see a pop-up message pointing to the bottom-left corner of the browser window where newly available downloads appear. Ironically, Google Chrome has its own built-in version of Flash Player that users don’t need to update manually; it gets updated automatically whenever Google issues an update for Chrome itself.

What does the malware do if installed?
The primary goal of OSX/Shlayer is to download and install adware onto an infected Mac.

Although “adware” may not sound like a big deal, it can be a lot more harmful than the name implies; be sure to watch our aforementioned interview with Amit Serper to learn more about one particular example of malicious Mac adware.

At least one variant of the malware also appears to exhibit an interesting behavior: It checks whether one of several Mac anti-virus products is installed.

What can I do if I think my computer is infected?
If you suspect that your computer might be infected, you can download VirusBarrier Scanner (free) from the Mac App Store to scan your computer for an existing infection.

We recommend installing antivirus software with real-time scanning protection, such as Intego VirusBarrier X9 (part of the Mac Premium Bundle X9 utility suite), to help block malware before an infection can occur.

Who’s behind this malware?
The variants of OSX/Shlayer discovered to date have been associated with Apple Developer Program accounts registered to one of three names: “Harper Natalie,” “Murphy Rachel,” or “Gennadiy Karshin.”

This does not necessarily mean that individuals by those names are the source of the malware; it’s possible to register for an Apple Developer Program account using a false identity. (At least the first two names are likely fake, given that Natalie and Rachel are typically given names, not surnames.)

Moreover, if a legitimate Apple Developer Program account has been compromised, a third party may exploit that account’s code signing capability for malicious purposes.

The domain names associated with this malware are registered using privacy screens, so little useful information about the domain registrants is obtainable via publicly searchable records.

About Intego
Intego offers an award-winning line of products providing Mac security and enhancing Mac performance. Intego has been designing software to protect and optimize Apple products for over 17 years. No other company has been focused on Mac security and performance as long as Intego. Intego creates products for a full range of Mac and iOS devices, such as iPhones and iPads. Its depth of experience allows the company to create software that not only works well, but is elegant and intuitive. Much like a Mac.
