{"id":76207,"date":"2018-03-06T15:12:11","date_gmt":"2018-03-06T23:12:11","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=76207"},"modified":"2022-09-27T11:58:56","modified_gmt":"2022-09-27T18:58:56","slug":"month-in-review-apple-security-in-february-2018","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-february-2018\/","title":{"rendered":"Month in review: Apple security in February 2018"},"content":{"rendered":"

\"Apple<\/p>\n

February\u00a0brought to light\u00a0four families of Mac malware: Intego discovered OSX\/Shlayer, two RATs were found, and a popular Mac software download site distributed Trojanized versions of Firefox, OnyX, and Deeper.<\/p>\n

Meanwhile:\u00a0a single Telugu character\u00a0allowed pranksters\u00a0to crash\u00a0iOS devices and Macs, Apple’s T2 chip\u00a0brings security improvements to the new iMac Pro, and a government contractor claims it can unlock any iOS device.\u00a0Read on for these stories and more!<\/p>\n

New Mac Malware: OSX\/Shlayer Discovered by Intego<\/h3>\n

\"\"In mid-February, Intego researchers discovered OSX\/Shlayer<\/strong>, an interesting new twist on a classic malware attack. OSX\/Shlayer comes in the form of a\u00a0fake Flash Player installer, but what’s unusual\u00a0is that it\u00a0leverages code-signed shell scripts\u00a0to do its dirty work.<\/p>\n

Intego researchers found OSX\/Shlayer spreading via BitTorrent file sharing sites, appearing as a\u00a0fake Flash Player update when a user attempted to select a link to copy a torrent\u00a0magnet link<\/a>.\u00a0Of course, readers who don’t search for torrents should still be wary;\u00a0fake Flash Player alerts can be found in many places on the Web.<\/p>\n

\"\"OSX\/Shlayer is both a Trojan horse<\/strong>\u2014meaning that it masquerades as something that it’s not,\u00a0in this case a Flash Player installer\u2014and a dropper<\/strong>, meaning that its main purpose is to download a secondary infection.<\/p>\n

Intego observed variants of\u00a0OSX\/Shlayer downloading and installing\u00a0OSX\/MacOffers<\/strong>\u00a0or\u00a0OSX\/Bundlore<\/strong> adware onto infected Macs.<\/p>\n

Intego VirusBarrier\u00a0was the first anti-virus software to detect this malware;\u00a0its\u00a0three variants\u00a0are detected as\u00a0OSX\/Shlayer.A<\/strong>,\u00a0OSX\/Shlayer.B<\/strong>, and\u00a0OSX\/Shlayer.C<\/strong>. VirusBarrier also detects the secondary adware infections.<\/p>\n

For more details about OSX\/Shlayer, shell scripts, and code signing, see our featured article:<\/p>\n

OSX\/Shlayer: New Mac malware comes out of its shell<\/a><\/p><\/blockquote>\n