News - Confiant

1 Million Macs Exposed to Malvertising Scam

Written by Tom's Guide | Mar 21, 2019 4:00:00 AM

A malvertising campaign has been targeting Macs since at least mid-January, with at least a million machines exposed, security firm Confiant said in a blog posting this week.

The malicious ads lure users into updating their Adobe Flash players, but that update is really a downloader called Shlayer that opens up the Mac to even more malware. To evade malware screeners, the ads first load normally, but then draw in malicious content from Firebase, a Google-hosted online data repository designed for mobile-app makers.

Unfortunately, not many Mac antivirus brands recognize the Shlayer malware signature yet. As of this writing on Thursday afternoon (March 21), the corporate siblings Avast and AVG did, as did Avira and Bitdefender and their licensees (Emsisoft, F-Secure, GData and Qihoo 360), plus a couple of others. But dozens of other antimalware engines listed on the VirusTotal page for Shlayer's signature let the malware slip by.

Our advice would be to ignore any pop-up windows suggesting that you update Flash Player, especially if you're using Safari, which Shlayer seems to prefer. (Go to the official Flash update page at https://get.adobe.com/flashplayer/ instead.) Alternatively, you could use an ad blocker.

Read Complete Article: https://www.tomsguide.com/us/mac-malvertising-google-firebase,news-29700.html