June 4, 2023

A new Shlayer macOS malware variant which obfuscates itself to sneak past security tools and compromise a target machine.

Dubbed ‘ZShlayer’, the variant does not conform to the original Shlayer signatures, meaning that it can go unnoticed by some malware scanners.

Earlier versions of the original Shlayer malware came as shell script executables on a removable .DMG disk image. This new variant comes using a standard Apple application bundle inside the .DMG.

A new variant of Shlayer utilizes heavily obfuscated Zsh scripts and is in fact far more prolific in the wild.

Fortunately, it seems that ZShlayer infections are currently isolated to users who have downloaded illicit software outside of Apple’s official App Store ecosystem.

Most ZShlayer droppers that I saw are in trojanized cracked software, so the usual caveat applies about avoiding downloading pirated versions of products.

Shlayer, malware which poses as an Adobe Flash software update before infecting Apple operating systems, was first discovered back in February 2019.

The attack represents what’s thought to be the first time that malicious code has gained Apple’s notarization “stamp of approval”.

Apple responded promptly to reports of malfeasance by revoking the developer code-signing certificate abused in the Shlayer-slinging campaign.

Tags:

Leave a Reply

You may have missed

Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
CasePoint Suffers a Data Breach

CasePoint Suffers a Data Breach

June 2, 2023
CyberArk Identity Security Web Browser

CyberArk Identity Security Web Browser

June 1, 2023
%d bloggers like this: