According to VirusTotal, neither the malware installer nor its payload was detected by antivirus engines.
Mac Malware Shlayer
Once the user installs the malicious Adobe Flash Player on their Mac, a set of instructions appears.
When the user follows the instructions to install the malicious application, its icon looks like Flash Player's, but other processes run in the background.
One of them is a bash script that extracts a password-protected .zip archive and secretly stores the malicious application in a temporary folder.
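The packaging described above, a shell script carrying a protected .zip archive, can be checked for statically. The following Python sketch is an added example, not code from the researchers or the original article: it looks for ZIP local file headers appended to a script and reads the encryption bit in each header's general-purpose flags. The sample inputs and the file names in them are constructed for illustration.

```python
import struct

LFH_SIG = b"PK\x03\x04"        # ZIP local file header signature
LFH_FMT = "<4sHHHHHIIIHH"      # fixed 30-byte local file header layout
LFH_LEN = struct.calcsize(LFH_FMT)
FLAG_ENCRYPTED = 0x0001        # general-purpose flag bit 0: entry is encrypted


def embedded_zip_entries(data):
    """Yield (offset, name, encrypted) for every ZIP local header in data."""
    pos = data.find(LFH_SIG)
    while pos != -1:
        if pos + LFH_LEN <= len(data):
            fields = struct.unpack_from(LFH_FMT, data, pos)
            flags, name_len = fields[2], fields[9]
            start = pos + LFH_LEN
            name = data[start:start + name_len].decode("utf-8", "replace")
            yield pos, name, bool(flags & FLAG_ENCRYPTED)
        pos = data.find(LFH_SIG, pos + len(LFH_SIG))


def triage(data):
    """Flag a shell script that carries an encrypted ZIP after its text."""
    is_script = data.startswith(b"#!")
    entries = list(embedded_zip_entries(data))
    return {
        "is_script": is_script,
        "zip_offset": entries[0][0] if entries else None,
        "entries": [(name, enc) for _, name, enc in entries],
        "suspicious": is_script and any(enc for _, _, enc in entries),
    }


def _constructed_header(name, flags):
    """Build a bare local file header; constructed test data, not a real sample."""
    return struct.pack(LFH_FMT, LFH_SIG, 20, flags, 8, 0, 0, 0, 0, 0, len(name), 0) + name


# Constructed inputs (hypothetical names), embedded so the check runs offline.
SCRIPT_TEXT = b"#!/bin/bash\necho 'installing'\nexit 0\n"
SAMPLE_PROTECTED = SCRIPT_TEXT + _constructed_header(b"Installer.app/", FLAG_ENCRYPTED)
SAMPLE_UNPROTECTED = SCRIPT_TEXT + _constructed_header(b"docs/readme.txt", 0)
SAMPLE_PLAIN = SCRIPT_TEXT

if __name__ == "__main__":
    for label, blob in [("protected", SAMPLE_PROTECTED),
                        ("unprotected", SAMPLE_UNPROTECTED),
                        ("plain", SAMPLE_PLAIN)]:
        print(label, triage(blob))
```

Self-extracting shell installers are also used legitimately, so a hit is a triage signal for closer inspection rather than a verdict.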
The Mac malware also downloads Adobe's legitimate Flash Player installer to deceive the user, but it downloads other malicious applications as well.
"The decision of the developers to hide the Mac .app in a protected .zip file and this file inside a bash shell script is a new idea - and it is also extremely clear that the developers are trying to avoid detection by antivirus software".
"This recently modified Mac malware is supposed to be a legitimate Flash Player installer, but it can actually download and install hidden unwanted packages containing adware or spyware".
Shlayer Mac malware is believed to be one of the biggest and most widespread threats to macOS. In February, researchers at Carbon Black identified a new Shlayer malware targeting macOS versions 10.10.5 to 10.14.3.
Adobe has already announced that it will stop distributing and updating Flash Player after 31 December 2020.