If you have a Mac you should be careful with the Shlayer Trojan

Although the Shlayer Trojan is neither the most complicated to program nor the hardest to remove (using the appropriate software), it is so far the virus with the largest presence on Mac devices. This virus targets the macOS operating system, and it shows: according to a study, its presence is no less than one in ten.

It has also been operating for two years. So it is not only "popular" but also resilient. It is not sophisticated at all; the trick is that since it was identified in 2018, it has had more than 32,000 variants.

The Shlayer Trojan. Veteran and strong on macOS

Discovered in 2018, the Shlayer Trojan still exists in its more than thirty thousand variants. It is not a very sophisticated virus, but it is enough for one in ten macOS users to have it implanted on their Mac. The peak activity of this virus was in November 2018, and the following year it was already at 30% of Apple machines.

Shlayer has worked in the same way since its inception: it collects IDs and system versions, downloads a file to a temporary directory, runs the download, and then removes any trace of its presence on the computer. It usually works by trying to fool the user with a pop-up window advising them to update the Flash player.
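The sequence described above (a file dropped in a temporary directory, run, then deleted) can be searched for in process event logs. This Python code is an added example, not part of the original article; the log format, the sample events and the temp-directory prefixes are assumptions constructed for illustration, and it assumes one process ID performs all three steps.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry). Assumed line format:
# "<time> pid=<n> <write|exec|unlink> <path>"
SAMPLE_EVENTS = """\
10:00:01 pid=410 write /Users/ana/Documents/report.docx
10:00:02 pid=733 write /private/tmp/a1b2/payload
10:00:03 pid=733 exec /private/tmp/a1b2/payload
10:00:04 pid=733 unlink /private/tmp/a1b2/payload
10:00:05 pid=512 write /var/folders/zz/T/cache.db
10:00:06 pid=512 unlink /var/folders/zz/T/cache.db
10:00:07 pid=640 exec /Applications/Safari.app/Contents/MacOS/Safari
"""

# Assumed temporary-directory prefixes on macOS.
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")
LINE_RE = re.compile(r"^(\S+) pid=(\d+) (write|exec|unlink) (\S+)$")
ORDER = ("write", "exec", "unlink")  # the chain, in the order it must occur


def parse_events(text):
    """Yield (time, pid, action, path); lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), m.group(4)


def find_drop_run_delete(text):
    """Return sorted (pid, path) pairs where one pid wrote, ran and then
    deleted the same file under a temp directory, in that order."""
    progress = defaultdict(int)  # (pid, path) -> chain steps seen so far
    hits = set()
    for _, pid, action, path in parse_events(text):
        if not path.startswith(TEMP_PREFIXES):
            continue
        key = (pid, path)
        step = progress[key]
        if step < len(ORDER) and action == ORDER[step]:
            progress[key] = step + 1
            if progress[key] == len(ORDER):
                hits.add(key)
        elif action == "write":
            progress[key] = 1  # a fresh write restarts the chain
    return sorted(hits)


if __name__ == "__main__":
    for pid, path in find_drop_run_delete(SAMPLE_EVENTS):
        print(f"pid {pid}: dropped, ran and deleted {path}")
```

A temp file that is written and deleted without being executed (pid 512 in the sample) is not flagged, which keeps ordinary cache churn out of the results.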

When we click the Flash download button, what we are actually doing is downloading the Shlayer Trojan. It does not damage the machine itself; what it does is retrieve malicious code, generally adware. One of the most common variants adds an extension to Safari. Although the user should be asked for permission to install it, it manages to avoid that message and shows another one saying that the installation was completed successfully. Clicking the accept button is what actually installs the virus.

Normally you notice that your computer is infected because from then on you are bombarded by ads everywhere you browse, making it almost impossible to move around the Internet normally.

How to get rid of this Trojan (at your own risk)

The Safari browser is one of the main ones affected by the Shlayer Trojan

Although we have told you that you may never find out that you have the virus on your computer because of its more than 32,000 variants, it is always good to know how to get rid of it, just in case. Given that 1 in 10 Macs can be infected, it is worth knowing how to eliminate it.

You can do it manually (if the problem is in Safari) or with applications specialized in this area. We are going to show you the manual way, which will take you a long time and carries some risks if you do not know which files you are examining and, worst of all, deleting. So if you follow this tutorial, you do so at your own risk:

Safari preferences menu to remove the Shlayer Trojan

  1. We close Safari completely.
  2. We open Activity Monitor and check whether there is an inappropriate process that may be affecting the computer.
  3. If any strange process is running, click the button that says "Sample", copy the content and analyze it, for example through this page.
  4. Nothing detected: we continue to examine the processes.
  5. Malware such as Shlayer has been detected: you must delete the malicious files (at your own risk, because you may be deleting files that macOS needs).

If we continue to have problems:

  1. Restart Safari in safe mode by holding down the Shift key while opening the program. This will prevent previously opened Safari pages from reloading.
  2. We go to Preferences in the Safari menu > Extensions.
  3. Select and uninstall any extensions you don't recognize by clicking the uninstall button.
  4. Back in Safari Preferences, we go to the Privacy tab and delete all stored data from the websites.
  5. Clear your browsing history.

The problem should now be fixed. Otherwise, the virus may have spread elsewhere in macOS. At that point it is highly recommended to use one of the antivirus programs on the market.

