Another item of Mac infection is known. Etc. specially, stability experts ran into a new version of the so-called Shlayer malicious software, which has been targeting macOS people. Shlayer is a multi-step threat, and in its up-to-date variation it has collected privilege escalation abilities.
The malicious software can moreover immobilize Gatekeeper to run unsigned second phase payloads. The Shlayer viruses was at the start identified in February 2018 by Intego experts. The up-to-date version regardless was detected by Carbon Black’s malware inspection Unit.
(adsbygoogle = window.adsbygoogle || ).Push({});
The threat is at the present moment being distribute in the order of downloads from various web pages, masked as an Adobe Flash upgrade.
A great many of of the websites diverting to the bogus updates have been masquerading as good webpages, or taken over domains formerly hosting good webpages, and some look to be taken from malvertisements on good webpages, Carbon Black stated.
The samples studied by the professionals are affecting macOS variants from 10.10.5 to 10.14.3, alongside macOS being the sole target so far.
According to the article:
The malignant script in the DMG document is encoded together with base64 and shall decode a second AES encoded script. The latter is altered to be achieved in an automatic way after being restored.
It is the she second script that commits the following evil processes, as per the article:
Windows .exe File Bypasses Gatekeeper and Downloads Malware on Macs macOS Mojave Privacy Bug Allows Malicious Apps to Access Restricted Data
Then the malware will download more payloads in the form of adware. The analysts declare that Shlayer infections assures the payloads shall run by incapacitating Gatekeeper.
Earlier this is being done, the minute phase payloads shall seem to be whitelisted application as macOS won’t investigate whether they are signed alongside an Apple author ID. And if Gatekeeper isn’t successfully disabled, the payloads shall be signed in packages with correct such IDs.
(adsbygoogle = window.adsbygoogle || ).Push({});
In spite of the fact that Shlayer is at the present moment spreading ad-supported, future versions could be spreading more malicious bits. And after all, advertisement supported applications ought to never be undervalued since it could damage macOS’s complete efficiency and could result in further obstacles.
(adsbygoogle = window.adsbygoogle || ).Push({});
Warning, multiple anti-virus scanners have detected possible malware in Gatekeeper.
| Anti-Virus Software | Version | Detection |
|---|---|---|
| Dr.Web | Adware.Searcher.2467 | |
| NANO AntiVirus | 0.26.0.55366 | Trojan.Win32.Searcher.bpjlwd |
| McAfee | 5.600.0.1067 | Win32.Application.OptimizerPro.E |
| McAfee-GW-Edition | 2013 | Win32.Application.OptimizerPro.E |
| Kingsoft AntiVirus | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) |
| Baidu-International | 3.5.1.41473 | Trojan.Win32.Agent.peo |
| Tencent | 1.0.0.1 | Win32.Trojan.Bprotector.Wlfh |
| Malwarebytes | 1.75.0.1 | PUP.Optional.Wajam.A |
| K7 AntiVirus | 9.179.12403 | Unwanted-Program ( 00454f261 ) |
| ESET-NOD32 | 8894 | Win32/Wajam.A |
Gatekeeper Behavior
- Installs itself without permissions
- Modifies Desktop and Browser Settings.
- Gatekeeper Deactivates Installed Security Software.
- Shows Fake Security Alerts, Pop-ups and Ads.
- Common Gatekeeper behavior and some other text emplaining som info related to behavior
- Redirect your browser to infected pages.
- Distributes itself through pay-per-install or is bundled with third-party software.
- Changes user's homepage
- Integrates into the web browser via the Gatekeeper browser extension
Gatekeeper effected Windows OS versions
- Windows 10
- Windows 8
- Windows 7
- Windows Vista
- Windows XP
Gatekeeper Geography
Eliminate Gatekeeper from Windows
Delete Gatekeeper from Windows XP:
- Click on Start to open the menu.
- Select Control Panel and go to Add or Remove Programs.
- Choose and remove the unwanted program.
Remove Gatekeeper from your Windows 7 and Vista:
- Open Start menu and select Control Panel.
- Move to Uninstall a program
- Right-click on the unwanted app and pick Uninstall.
Erase Gatekeeper from Windows 8 and 8.1:
- Right-click on the lower-left corner and select Control Panel.
- Choose Uninstall a program and right-click on the unwanted app.
- Click Uninstall .
Delete Gatekeeper from Your Browsers
Gatekeeper Removal from Internet Explorer
- Click on the Gear icon and select Internet Options.
- Go to Advanced tab and click Reset.
- Check Delete personal settings and click Reset again.
- Click Close and select OK.
- Go back to the Gear icon, pick Manage add-ons → Toolbars and Extensions, and delete unwanted extensions.
- Go to Search Providers and choose a new default search engine
Erase Gatekeeper from Mozilla Firefox
- Enter „about:addons“ into the URL field.
- Go to Extensions and delete suspicious browser extensions
- Click on the menu, click the question mark and open Firefox Help. Click on the Refresh Firefox button and select Refresh Firefox to confirm.
Terminate Gatekeeper from Chrome
- Type in „chrome://extensions“ into the URL field and tap Enter.
- Terminate unreliable browser extensions
- Restart Google Chrome.
- Open Chrome menu, click Settings → Show advanced settings, select Reset browser settings, and click Reset (optional).