Shlayer

Shlayer is a macOS trojan first discovered by researchers at Intego in February 2018. It was first distributed masquerading as an Adobe Flash Player installer. This new variant is being distributed in a similar fashion, this time as an Adobe Flash update via browser pop-ups on hijacked or spoofed websites. In addition, malvertising has also been observed as another distribution method in this new campaign. The new campaign was discovered by Carbon Black’s Threat Analysis Unit (TAU). It was targeting all macOS released up to 10.14.3 Mojave, arriving as files signed by a legitimate Apple developer ID

References: https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/ https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8