Symbol: osx.shlayer
Common name: Shlayer


According to PCrisk, Shlayer is a trojan-type virus designed to proliferate various adware and other unwanted applications, and promote fake search engines. It is typically disguised as an Adobe Flash Player installer and various software cracking tools.

In most cases, users encounter this virus when visiting dubious Torrent websites that are full of intrusive advertisements and deceptive downloads.

References
2022-05-06 | CrowdStrike | Paul-Danut Urian
@online{urian:20220506:macos:59df492, author = {Paul-Danut Urian}, title = {{macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis}}, date = {2022-05-06}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-crowdstrike-analyzes-macos-malware-to-optimize-automated-detection-capabilities}, language = {English}, urldate = {2022-05-11} }
EvilQuest FlashBack Shlayer XCSSET
2022-04-15 | Center for Internet Security | CIS
@online{cis:20220415:top:62c8245, author = {CIS}, title = {{Top 10 Malware March 2022}}, date = {2022-04-15}, organization = {Center for Internet Security}, url = {https://www.cisecurity.org/insights/blog/top-10-malware-march-2022}, language = {English}, urldate = {2023-02-17} }
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus
2021-07-19 | CrowdStrike | Aspen Lindblom, Joseph Godwin, Chris Sheldon
@online{lindblom:20210719:shlayer:5fc616d, author = {Aspen Lindblom and Joseph Godwin and Chris Sheldon}, title = {{Shlayer Malvertising Campaigns Still Using Flash Update Disguise}}, date = {2021-07-19}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/}, language = {English}, urldate = {2021-07-26} }
Shlayer
2021-04-27 | Medium Cedric Owens | Cedric Owens
@online{owens:20210427:macos:489e558, author = {Cedric Owens}, title = {{macOS Gatekeeper Bypass (2021 Edition)}}, date = {2021-04-27}, organization = {Medium Cedric Owens}, url = {https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508}, language = {English}, urldate = {2021-04-29} }
Shlayer
2021-04-26 | Objective-See | Patrick Wardle
@online{wardle:20210426:all:9cbbc8c, author = {Patrick Wardle}, title = {{All Your Macs Are Belong To Us: bypassing macOS's file quarantine, gatekeeper, and notarization requirements}}, date = {2021-04-26}, organization = {Objective-See}, url = {https://objective-see.com/blog/blog_0x64.html}, language = {English}, urldate = {2021-04-29} }
Shlayer
2021-04-26 | Jamf Blog | Jaron Bradley
@online{bradley:20210426:shlayer:1802a7d, author = {Jaron Bradley}, title = {{Shlayer malware abusing Gatekeeper bypass on macOS}}, date = {2021-04-26}, organization = {Jamf Blog}, url = {https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/}, language = {English}, urldate = {2021-04-29} }
Shlayer
2021-03-31 | Red Canary | Red Canary
@techreport{canary:20210331:2021:cd81f2d, author = {Red Canary}, title = {{2021 Threat Detection Report}}, date = {2021-03-31}, institution = {Red Canary}, url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf}, language = {English}, urldate = {2021-04-06} }
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2020-12-10 | US-CERT | US-CERT, FBI, MS-ISAC
@online{uscert:20201210:alert:a5ec77e, author = {US-CERT and FBI and MS-ISAC}, title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}}, date = {2020-12-10}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a}, language = {English}, urldate = {2020-12-11} }
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-01-23 | Threatpost | Tara Seals
@online{seals:20200123:shlayer:b69a503, author = {Tara Seals}, title = {{Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia}}, date = {2020-01-23}, organization = {Threatpost}, url = {https://threatpost.com/shlayer-mac-youtube-wikipedia/152146/}, language = {English}, urldate = {2020-01-26} }
Shlayer

There is no Yara-Signature yet.