Carbon Black’s Threat Analysis Unit (TAU) recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily disguised as an Adobe Flash software update. Many of the sites that we have found to redirect to these fake updates have been those masquerading as legitimate sites, or hijacked domains formerly hosting legitimate sites, and some appear to be redirected from malvertisements on legitimate sites.

https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/