Skip to main content

Home Shlayer


Also known as: -

Category: Malware

Type: Trojan

Platform: macOS

Variants: -

Damage potential: Data exfiltration, data breach, identity theft 


Shlayer is a trojan type malware that was first spotted in 2018 and peaked in April 2021. Initially, attackers distributed Shlayer through peer-to-peer networks and malicious ads or disguised it as an Adobe Flash Player installer. In 2021, they exploited a zero-day vulnerability in Apple’s Gatekeeper (a security feature of the operating system) to spread the trojan widely. Apple patched this vulnerability with macOS version 11.3, leading to a significant drop in Shlayer infections. Consequently, attackers went back to previous means of distributing this malware. 

Once on a device, Shlayer collects sensitive information such as the user's browsing data (e.g. search queries, pages visited, etc.), IP address, and geo-location. In turn, attackers sell this data to third parties to generate revenue.

Possible symptoms

If Shlayer malware infiltrated your device, you might notice abnormalities in system behavior, such as:

  • Sluggish system performance or frequent crashes. 
  • Increased network activity.
  • Unfamiliar browser extensions.
  • More ads and pop-ups than usual.
  • Redirects to suspicious websites. 

Sources of infection

Cybercriminals often use social engineering to trick users into downloading Shlayer onto their devices. Fake software updates and browser extensions, trojanized apps, and malicious pop-ups and ads are the common sources of infection for this trojan. Besides these, Shlayer is capable of exploiting system vulnerabilities and spreading through SEO poisoning. 


  • Do not download software or files from unofficial sources, and be skeptical of software updates that come as an email or a pop-up. 
  • Be wary of peer-to-peer networks.
  • Block shady websites, scan downloads for viruses, and avoid malicious ads and pop-ups with NordVPN’s Threat Protection Pro. 
  • Install reliable antivirus software and update it regularly. 
  • Keep your operating system updated to benefit from the recent security patches. 


Here’s how you can remove Shlayer from your computer with antivirus software: 

  • Disconnect your device from the internet. 
  • Boot into safe mode. 
  • Run a full system scan using your antivirus solution. 
  • Consult an IT professional if the infection persists.