Laughably Unsophisticated Mac Malware

Major malware infections on macOS are quite rare but the operating system is, by no means, immune to what Windows users have had to endure for decades. Over the last two years macOS users have been pestered by Shlayer and all the pirated videos it promises to provide the unsuspecting victim:

An analysis Kaspersky Lab published on Thursday says that Shlayer is “a rather ordinary piece of malware” that, except for a recent variant based on a Python script, was built on Bash commands. Under the hood, the workflow for all versions is similar: they collect IDs and system versions and, based on that information, download and execute a file. The download is then deleted to remote traces of an infection. Shlayer also uses curl with the combination of options -f0L, which Thursday’s post said “is basically the calling card of the entire family.”

Another banal detail about Shlayer is its previously mentioned infected method. It’s seeded in links that promise pirated versions of commercial software, episodes of TV shows, or live feeds of sports matches. Once users click, they receive a notice that they should install a Flash update. Never mind that Flash has been effectively deprecated for years and that platforms offering warez and pirated content are a known breeding ground for malware.

Unless you have good self control, good web browsing hygiene, and common sense, stay away from web sites offering pirated content. Is that one free pirated movie worth all the work to rebuild your computer after it gets infected with some malware it should never have in the first place?