To obtain Shlayer as part of a software crack, BitTorrent sites are also to blame. To pick up one of these fake Adobe Flash Player installers, one must wander around BitTorrent sites and it’ll surely pop up.
How are Macs getting infected?Īs with the previously discovered Shlayer malware variants, this one comes as either a fake Adobe Flash Player or a crack (patch) to some kind of paid software. While we did not observe this behavior in our tests, we did find a few other interesting things. It installs a configuration profile that forces a browser’s homepage to be set as “chumsearchcom.” This profile would take control of the homepage settings in Safari and Chrome and also set the “Open new window with” or “Open new tab with” settings to use the Chumsearch URL. Today, Thomas Reed reported on a new variant of OSX/Shlayer that uses new tricks to get its job done.
OSX/Shlayer was also found in torrent downloads as part of (or pretending to be) software cracks. Last February, Intego researchers discovered a new variant of the OSX/Shlayer malware, disguising itself as an Adobe Flash Player update to infect systems with adware. Malware New OSX/Shlayer Malware Variant Found Using a Dirty New Trick
