On the one hand, it may seem a bit surprising that fake Flash Player installers are still an effective Trojan horse.

Why is malware still disguised as Flash Player?įake Flash Player installers are nothing new Intego discovered the first variant of the now-infamous OSX/Flashback Trojan in September 2011, which was widely reported to have infected 600,000 Macs by April 2012, and there were still at least 22,000 Macs infected as of January 2014. That’s interesting for at least a couple of reasons. So what does Shlayer malware look like? It is often delivered in the form of a fake Adobe Flash Player installer. Malware Adobe Flash Player is dead, yet 10% of Macs are infected with fake Flash malwareĪ recent report (covered by Ars Technica, WIRED, and others) claims that OSX/Shlayer- first discovered by Intego in February 2018-continues to be the most prolific Mac malware in the wild, with 1 in 10 Macs infected by it.Īlthough Intego does not currently maintain infection rate statistics of VirusBarrier X9 customers, our malware research team can confirm that Shlayer may be found far and wide: in high-ranking Google search results, in deceptive in-browser advertisements and alerts, on expired domains that have been purchased by malware distributors, and more.