This nasty malware hit 1 out of every 10 Macs last year

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
(Image credit: robert coolen/Shutterstock)

A single malvertising Trojan conducted nearly 30% of all Mac malware attacks spotted last year by Kaspersky antivirus software, Kaspersky researchers said today (Jan. 23) in an official blog post.

We've written about the Shlayer Mac Trojan before, but it shows little sign of going away. One out of every 10 Macs running Kaspersky antivirus software for Macs encountered Shlayer, the company said in a press release. 

Of the top 10 most prevalent Mac threats encountered by Mac users, most were adware that Shlayer itself downloads and installs in secondary infections.

Links to Shlayer-infected pages are showing up in user-posted content on YouTube and Wikipedia, the Kaspersky researchers write, often because the owners of one-legitimate sites let the registrations lapse and criminals snatch them up.

A list of Wikipedia references, with one underlined in red.

A list of Wikipedia entry references, with a link to a page distributed the Shlayer Mac malware outlined in red. (Image credit: Kaspersky)

Sports and video-streaming fans are especially susceptible, because Shlayer often masquerades as Adobe Flash Player or other video software. Shlayer also pops up in malicious online ads.

If you get infected by Shlayer, you'll see many more ads pop up on your screen, some of which will tell you that you're infected and need to buy (bogus) antivirus software. Your search results may be hijacked by strange search engines, and your browsing habits may be tracked by even more people than usual.

The silver lining, if there is one, is that Shlayer, despite being malware itself, is for now only interested in propagating adware, which is more annoying than harmful. But it could easily flip a switch and start installing truly dangerous Mac malware.

To avoid infection by Shlayer or any kind of Mac malware, be sure you're running some of the best Mac antivirus software.

If you're presented with a dialogue box insisting that you need to update Adobe Flash Player, go to the official Adobe page at instead. If you're asked to install some random video player you've never heard of, don't do it.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.