New malware tricks victims into bypassing Apple’s built-in macOS security protections

New macOS malware disguised as a Flash Player has been discovered by Cyber security company Intego. It is actively spreading through malicious results in Google searches.

The malware is delivered as a Trojan horse application on a .dmg disk image, masquerading as an Adobe Flash Player installer. And is specifically designed to circumvent macOS Catalina’s security measures.

This new trojan is capable of bypassing MacOS Catalina security precautions by redirecting users to malicious webpages, claiming that a browser’s Flash Player is out of date and guides the user through the steps necessary to install current version.

The malware has been able to avoid detection by most antivirus softwares so far. Intego identifies the new malware as unique new variants of OSX/Shlayer, the original variant of which was first discovered by Intego in 2018 and OSX/Bundlore with similarities to past versions of OSX/MacOffers and Mughthesec/BundleMeUp/Adload.

The following SHA256 hashes have been observed so far from this malware campaign: flashInstaller.dmv in Downloads; a file or a file named “Installer” in a subfolder in private/var/folders. Intego has reported the known-malicious search results to Google.

To avoid the malware Adcy recommends clicking on trustworthy links and install software directly from the manufacturer’s website. Avoid any website that asks to download anything unsolicited.