New Mac malware reveals Google searches can be unsafe

Intego has discovered new Mac malware in the wild, actively spreading through malicious results in Google searches.

As of Friday, the new malware installer and its payload had a 0/60 detection rate among all antivirus engines on VirusTotal. The new malware tricks victims into bypassing Apple’s built-in macOS security protections, and it uses sneaky tactics in an effort to evade antivirus detection.

Intego VirusBarrier is the first anti-malware solution that is known to detect and remove this malware. Intego identifies the new malware as unique new variants of OSX/Shlayer (the original variant of which was first discovered by Intego in 2018) and OSX/Bundlore (with similarities to past versions of OSX/MacOffers and Mughthesec/BundleMeUp/Adload).

What does the new malware do? How is it unique?
Is this malware in the wild? How does it spread?
How does the malware bypass protections built into macOS?
Are there a lot of victims of this specific malware?
What is known about the creators of this malware?

What does the new malware do? How is it unique?

As is commonly seen in Mac malware, this newly updated Shlayer malware is delivered as a Trojan horse application on a .dmg disk image, masquerading as an Adobe Flash Player installer.

A portion of the script’s code, showing the beginning of the embedded .zip file

As the script runs, it extracts a self-embedded, password-protected .zip archive file, which contains a traditional (though malicious) Mac