Bogus Flash Player update targets millions of Mac users with adware

The concept of using steganography to hide malware in images is not new, but it can still be very effective when used properly. Researchers have now found it at the heart of a massive campaign that is affecting Mac users by the millions. The research was a joint effort between Confiant and Malwarebytes, according to a blog post by Confiant, and it exposed how Mac users are being exposed to Shlayer malware.

The campaign works by hiding the malware so that it appears to be a Flash Player update. The Mac user clicks on the image (which is an advertisement) and is then redirected to the download page of the Shlayer malware (presented as the Flash update). Not only does the malware itself do damage, but according to Jerome Segura of Malwarebytes, it acts as a “dropper for additional payloads, most notably Adware,” and consequently, users “may notice their machines running slower than normal and may be tricked into purchasing applications that they do not need.”

The blog post by Confiant gave the following statistics about the adware attack, quoted below:

At its peak the full scale of this specific attack triggered over 5 million times per day. The revenue impact of those 5 million malicious impressions needs to be measured from a multitude of different facets. You have the publisher who loses money directly from the interrupted user sessions, and loses future money from the increased ad blocking usage and user trust loss. There are the ad exchanges who had their inventory access cut off while they battled the infection and will have had some publishers pull their inventory out permanently. The advertisers will get hit with the resulting ad fraud from the infected devices. And let’s not disregard the user, who now has an infected device.

Estimated all together, Confiant benchmarks the cost impact for just that Jan. 11 peak alone to have been over $1.2 million. When you consider that this was just one of multiple hundreds of attacks Confiant has caught and blocked over the past month alone, the scale of the issues facing the digital ad industry becomes clearer.

The post makes it clear that the threat actor, dubbed VeryMal, is a deviant trickster who is able to quickly change tactics and attack methodology. The focus so far has been on infecting Mac/iOS users in the United States with adware, but now that their operation has been revealed, they will likely change their attack patterns. At the moment the best thing that users of any form of Internet-connected technology can do is practice safe browsing and always be suspicious of updates or proposed downloads not initiated by the user. Having strong malware-blocking and clean-up software is also a must in case you do accidentally infect your device.

Stay vigilant out there, the Internet is only as safe as you allow it to be.

Featured image: Pixabay

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
