The adware-dropping Shlayer Trojan accounted for nearly 30% of all attacks on macOS devices throughout last year.
Researchers at Kaspersky Labs identified Shlayer as the most common threat to target its macOS userbase over the course of the last two years. The security firm said that one in ten macOS systems encountered the malware at least once.
The trojan spreads in a rather unorthodox manner, directing unsuspecting users to legitimate sites with millions of visitors, especially YouTube and Wikipedia. According to Kaspersky, malicious links are embedded in video descriptions on YouTube and article references on Wikipedia.
Shlayer’s “promotional team” approaches website owners or YouTubers, offering them lucrative monetary gains if they promote the malicious link to their visitors. There are currently more than 1000 partner websites distributing the trojan.
“Shlayer spreads via a partner network of thousands of websites, often targeting visitors of legitimate sites, including YouTube and Wikipedia,” Kaspersky said in its code analysis document.
The targets are most often American users interested in pop culture, the newest movie releases, sports and TV shows.
Although Shlayer does not cause any actual harm in its current form, Kaspersky is warning that the trojan could grow sharper teeth in the future.