New Mac malware appears as Adobe Flash Player installer

Researchers security they discovered one new Mac malware που spreads through infected Google search results. The malicious software appears as Adobe Flash Player installer (.DMG disk image).

In accordance with VirusTotal, the malware installer and its payload were not detected by the virus detection mechanisms.

Mac Malware Shlayer

Investigators security of Intego noticed this news version of Shlayer Mac malware distributed as a Trojan horse file (.DMG disk image) and presented as the Adobe Flash Player.

Once the user installs the malicious Adobe Flash Player on his Mac machine, some instructions will appear.

"The instructions tell them users "right-click on the Flash installer, select 'Open' and then click 'Open' in the window that appears," they said in a post. researchers of Intego.

When the user starts following the instructions for installing malware application, the icon looks like the Flash player, but in the background other processes take place.

One is used bash script, which extracts a .zip archive file protected by code access and secretly stores the malicious application in a temporary folder.

Mac malware also downloads Adobe's legitimate Flash Player installer to deceive the user, but it also downloads other malicious ones applications.

"The decision of the developers to hide the Mac .app in a protected .zip file and this file inside a bash shell script is a new idea - and it is also extremely clear that the developers are trying to avoid software detection protection from viruses".

"This recently modified Mac malware is supposed to be a legitimate Flash Player installer, but it can actually download and install hidden unwanted packages containing adware ή spyware".

Shlayer Mac malware is believed to be one of the biggest and most widespread threats to macOS. In February, her researchers Carbon Black have identified a new one Shlayer malware targeting versions 10.10.5 to 10.14.3.

Adobe has already announced that will stop distributing and updating Flash Player after 31 December 2020.