A new variant of the multi-stage Shlayer malware, known to target Mac users, has been observed in the wild. Like the original, the new version is distributed as a malicious Adobe Flash software update, but whereas the original was pushed through torrent websites, Shlayer is now spreading as fake update pop-ups on hijacked domains or as part of malvertising campaigns running on legitimate websites. The malware can escalate privileges using a two-year-old technique and disable the Gatekeeper protection mechanism to run unsigned second-stage payloads.
Source: https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/