Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company.
Instead of distributing the Shlayer Trojan via phishing attacks or through other malware, the threat actors focus on trending events or popular shows and then build fake web sites surrounding them.
…
Apple users visit these fake sites through search results, links in YouTube videos, and even links in Wikipedia articles. When visiting these sites, instead of being greeted with a video to watch, they are told they need to first update Flash Player.
These Flash Player updates, though, are the Shlayer Trojan and when executed will install a malware cocktail onto the computer.
…
When browsing the web, if any site states that you must install an update to watch a video or perform an activity, immediately leave that site.
More at: https://threatpost.com/shlayer-mac-youtube-wikipedia/152146/