Bogus Flash Player update targets millions of Mac users with adware

The concept of using steganography to hide malware in images is not a new one; however, it can still be very effective when used properly. Researchers have discovered exactly this in a massive campaign that is currently affecting Mac users by the millions. The research was a joint effort between Confiant and Malwarebytes, according to a blog post by Confiant, and it showed how Mac users are being exposed to Shlayer malware.

The campaign works by disguising the malware as a Flash Player update. The Mac user clicks on the image (which is an advertisement) and is then redirected to the download page of the Shlayer malware (presented as the Flash update). Not only does the malware itself do damage, but according to Jerome Segura of Malwarebytes, it acts as a “dropper for additional payloads, most notably Adware,” and consequently, users “may notice their machines running slower than normal and may be tricked into purchasing applications that they do not need.”

The blog post by Confiant gave the following statistics about the adware attack, quoted below:

At its peak the full scale of this specific attack triggered over 5 million times per day. The revenue impact of those 5 million malicious impressions needs to be measured from a multitude of different facets. You have the publisher who loses money directly from the interrupted user sessions, and loses future money from the increased ad blocking usage and user trust loss. There are the ad exchanges who had their inventory access cut off while they battled the infection and will have had some publishers pull their inventory out permanently. The advertisers will get hit with the resulting ad fraud from the infected devices. And let’s not disregard the user, who now has an infected device.

Estimated all together, Confiant benchmarks the cost impact for just that Jan. 11 peak alone to have been over $1.2 million. When you consider that this was just one of multiple hundred attacks Confiant has caught and blocked over the past month alone, the scale of the issues facing the digital ad industry becomes clearer.

The post makes it clear that the threat actor, dubbed VeryMal, is a deviant trickster who is able to quickly change tactics and attack methodology. The focus so far has been on infecting Mac/iOS users in the United States with adware, but now that their operation is being revealed, they will likely change their attack patterns. At the moment, the best thing that users of any form of Internet-connected technology can do is practice safe browsing and always be suspicious of updates or proposed downloads not initiated by the user. Having strong malware-blocking and clean-up software is also a must in case you do accidentally infect your device.

Stay vigilant out there: the Internet is only as safe as you allow it to be.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
