According to a recent Kaspersky investigation, the “Shlayer” malware—which deploys an “Any Search” bar on a victim’s computer through fake Adobe Flash updates, of all things—is the most popular Mac malware. Ars Technica has a detailed breakdown of the investigation that is worth a read, but you should know the easy way to keep your Mac safe from Shlayer (and a host of other malware, too).
How to prevent Shlayer malware attacks
The easiest way to avoid Shlayer is to be smarter about what you’re clicking on.
Sure, most malware and adware-deploying ads can be circumvented with an adblocking browser or content-blocking extension, and an anti-virus or anti-malware program will catch threats before they’re installed and remove malicious software from your Mac if you’ve already been infected. You shouldn’t need to rely on extra software to spot potential malware attacks masquerading as Flash Player updates, video plugins, or pirated content at this point.
Shlayer itself might be a few years old, but the classic malware setup is using fake Flash Player downloads to install crap you don’t want. Seriously, it’s one of the oldest malware deployment methods out there. Besides, Flash has been largely abandoned by web developers, and will soon lose legacy support on Chrome and other web browsers.
There’s no reason to install, update, or use Flash Player to access online content in 2020, save for very rare exceptions—and no, none of those exceptions include watching illegal streams of sporting events or leaked movies. If you need to download Flash, get it directly from Adobe. Nowhere else.
I could see being duped by malware attacks like this back when streaming and rental services didn’t exist, but most content can now be conveniently accessed through cheap, legal means. So if you’re being asked to update your Flash player or install software in order to watch an NBA game, download “free” pirated software, access a celebrity’s leaked nude photos, or whatever else, it’s 99.999% a fake link that will install malware on your computer. Worse, you probably won’t even get whatever it was you were trying to download in the first place. Insult to injury, indeed.