Shlayer Trojan - How to remove

Shlayer Trojan is malware that targets Mac users with fake Flash Player updates and installs adware on their devices. It’s an extremely popular trojan that’s attempted to infect millions of Macs around the world. Those who got Shlayer Trojan see their apps crash, their internet connection slow down, and pop-up ads in their browser and desktop.

Shlayer Trojan is a dangerous Mac infection that should be removed as soon as it’s discovered:

Type of threat Spyware,


browser hijacker.

Shlayer Trojan infection symptoms Crashing online apps (browser, email, etc.),

more ads than expected in the browser,

browser search result page changed,

unfamiliar apps installed and can’t be removed.

Causes of the infection Deceptive ads on pirating websites.
How to deal with Shlayer Trojan Remove malware with a malware remover (Combo Cleaner, etc.),

change passwords,

be careful of future attacks, like phishing emails,

block malicious websites.

Dangers of the Shlayer Trojan

Usually, Macs are safer than PCs. There are a few reasons for that: Windows is more popular globally and Windows software doesn’t need to be approved and released on any sort of app store, so releasing software (including malware) is easier.

Although Macs are safer than PCs, they are not completely secure. And as Mac OS is getting more popular, criminals are becoming more interested in the market. After all, they’re always looking for new ways to make a profit.

Shlayer Trojan is one of the most popular Mac infections and it can be pretty serious:

  • it can download and install a bunch of adware and spyware apps that are really hard to remove,
  • it can hijack your web traffic by changing your network settings,
  • pop-up ads and redirects plague the hijacked traffic.

Shlayer Trojan affects victims differently. Some might not notice anything strange. Others can’t use their Mac normally anymore because of endless technical problems. Shlayer Trojan’s goal isn’t to break your Mac, it’s to make money by showing you more ads, by stealing your personal information, and by tricking you to pay money to scammers. So, it will download whatever malware it deems might work on your Mac. Even if you remove the malware, as long as Shlayer Trojan is still in the system, the issues will continue. Plus, it’s easy to get reinfected.

At worst, if Shlayer Trojan infected your Mac, you may lose some money, have your identity sold to scammers, start receiving targeted phishing mail, have some of your online accounts hacked, and have unauthorized purchases made with your credit card. These are the possibilities – they might not come to pass, if you’re careful or lucky.

Shlayer Trojan spreads with fake software updates

Malicious ads

If Shlayer Trojan is one of the most popular Mac malware out there, it has to be because of some very sophisticated distribution method, right? Well, no. It just seems to be malicious ads that tell you to update your Flash Player.

I remember reading in Apple support forums a victim of Shlayer Trojan (though I didn’t realize that at the time) say something like “I don’t know where I got this, I didn’t install anything, I just updated my software”.

Mac - fake software update pop-ups.

Well yeah, Shlayer Trojan is downloaded from these fake Adobe Flash and other software update links. They’re pretty realistic, too – draggable, and they look like system pop-ups for the Mac OS light theme.  In reality, they’re elements of a malicious website. With a few hours of web development training, you and anyone could create a pop-up like that.

These fake pop-ups appear not just anywhere on the web. Most ad-networks and reputable websites wouldn’t allow this type of ad. But some websites don’t care. Pirating sites for TV shows, movies, games, including streaming and download sites are the biggest culprits. On illegal websites, there isn’t always a community to review files and stop bad actors. And these sites can’t get ads from many decent advertisers because not a lot of people want to work with an illegal site. Pirating is pretty dangerous, this isn’t just a story told to keep children on the straight and narrow.

Shlayer Trojan pop-ups also infect old, abandoned sites. Links to these sites may still appear in old articles, descriptions, and forum posts. But if the site has been abandoned since and fallen into the hands of criminals, visiting it now is very risky because it will automatically redirect to some ad for a betting site, options trading scheme, or a malicious site.

Shlayer Trojan spreads with fake Adobe Flash updates.

Deceptive installation process

According to Kaspersky's analysis, Shlayer Trojan first changes your network settings to hijack your web traffic and installs a malicious browser extension, such as SystemSpot, FocusProvide, TechLetterSearch, or another version to Safari. As a result, people see their online apps crashing and they get this super-annoying app that’s nearly impossible to get rid of. Before that, Shlayer Trojan may try to push Any Search Manager on you. These infections can be really tricky to remove manually.

Like other Mac malware, Shlayer Trojan uses tricks like overlaying windows to get you to click on buttons and grant permissions to malware. It’s when a fake window with a benign button is put on top of a serious system warning. Clicking the button on the top window actually triggers the system warning button. Rightfully, some people are suspicious of that.

How to protect yourself from Shlayer Trojan

It’s possible to just never encounter any fake Flash Player update ads because you don’t visit the sorts of websites that show them. But it’s totally possible for legitimate and reputable ads, ad-networks, and sites to get temporarily infected by malicious actors. So, we’re never completely safe, no matter how secure our browsing habits are. That’s why it’s good to have an anti-malware program installed on your Mac (like Combo Cleaner). Or at least an ad-blocker.

Remember that fake updates and installers are a pretty common way for malware to spread. This includes fake Flash Player installers, fake browser update pop-ups, system updates, and browser extensions. If a website is telling you that you need to install something to access content, always think twice.

If you suspect that your Mac has been infected with Shlayer Trojan, scan your computer as soon as possible. Use a trusted anti-malware program, such as Combo Cleaner (it’s pretty good) or maybe one of the detectors on this VirusTotal page. Most paid antivirus programs offer free scans.

If you do find Shlayer Trojan or related malware on your computer, you should remove it, probably with an antivirus program, but that’s not all. After removing it, you should change your passwords and keep an eye on your credit card account to make sure it hasn’t been stolen. And watch out for targeted phishing attacks. If any of your personal data was stolen, that could haunt you for years in the future.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Leave a Reply

Your email address will not be published. Required fields are marked *