TrojanDownloader:MacOS/Shlayer.A!xp

Guidance for end-users

• Keep your operating system and antivirus products up to date. Customers utilizing automatic updates do not need to take additional action

Take these steps to help prevent malware infection on your computer.

Guidance for enterprise administrators and Microsoft 365 Defender customers

Apply these mitigations to reduce the impact of this threat.

• Configure security software to automatically download and install updates.
• Educate end-users about preventing malware infections. Ensure they are aware of the risks associated with downloading and installing software from untrusted sources and of clicking ads or other links in unfamiliar websites.
• Use application control to prevent the use of unauthorized apps and services.
• Encourage users to use Microsoft Edge—available on macOS and various platforms—and other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that contain exploits and host malware.

• Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Run EDR in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
• Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the internet.
• Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
• Use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.