

#Fake mac cleaner virus install
If you’ve perhaps been saddled with other types of adware, delete that as well. For those who haven’t been hit but want to remain adware-free, be careful what apps you download and install on your machine.

Wardle even managed to get his hands on the adware’s original installer and tested it on VirusTotal. Interestingly enough, both files were signed with the same valid developer certificate, which Apple revoked soon after Wardle’s analysis.

The disk image was made to look like an Adobe Flash installer, and if it detects that it is being run in a virtual machine, it will install only a legitimate copy of Flash. If not, it will reach out to a C&C server, and then ask the victim to install a fake, scammy utility app (Advanced Mac Cleaner), a piece of adware (Safe Finder), and browser hijacker (). The result of the installation? A hijacked Safari homepage (made to point to a search page), an installed Safari extension (AnySearch) that changes the search engine in the Safari address bar, injected ads, and a panic-inducing alert by Advanced Mac Cleaner, which apparently found many issues affecting the computer. Naturally, to “fix” them, the user has to pay.

Wardle posits that the malware is delivered to end users via malicious ads and/or pop-ups, and it all points to it being a newer variant of a previously flagged adware dubbed Safe Finder/Operator Mac. If your computer has been hit with this variant of Mughthesec, delete the unwanted apps and the “Any Search” browser extension, and unload and delete the Mughthesec launch agent (~/Library/LaunchAgents/).
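The launch agent cleanup step can be checked with a short script before anything is deleted. This is an added example, not part of the original article or of Wardle's analysis; it assumes the agent's plist file name, Label or program path contains the name "Mughthesec", and the plists built in `demo()` are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path

NAME = "mughthesec"  # name given in the article; matched case-insensitively


def scan_launch_agents(agent_dir, needle=NAME):
    """Return one finding per launch agent plist that references `needle`."""
    findings = []
    for path in sorted(Path(agent_dir).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)  # reads both XML and binary plists
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception:
            # A plist that does not parse in LaunchAgents deserves a manual look.
            findings.append({"plist": str(path), "reason": "unparseable", "programs": []})
            continue
        args = job.get("ProgramArguments") or []
        programs = [str(a) for a in [job.get("Program"), *args] if a]
        haystack = [path.name, str(job.get("Label", ""))] + programs
        if any(needle in field.lower() for field in haystack):
            findings.append({
                "plist": str(path),
                "reason": "references " + needle,
                "programs": programs,  # files to review and remove by hand
                "unload": ["launchctl", "unload", str(path)],  # run before deleting
            })
    return findings


def demo():
    """Scan a constructed directory (sample data, not real artifacts)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
                                      "ProgramArguments": ["/usr/local/bin/updater"]},
        "com.example.helper.plist": {"Label": "com.example.helper",
                                     "ProgramArguments": ["/tmp/example/Mughthesec/helper", "r"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            with (Path(tmp) / name).open("wb") as fh:
                plistlib.dump(job, fh)
        (Path(tmp) / "broken.plist").write_bytes(b"not a plist")
        return [(Path(f["plist"]).name, f["reason"]) for f in scan_launch_agents(tmp)]


if __name__ == "__main__":
    for finding in scan_launch_agents(Path.home() / "Library" / "LaunchAgents"):
        print(finding)
```

The script only reports: it prints the matching plist, the programs it would start, and the `launchctl unload` command to run before the files are removed.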

Thus, if this app suddenly appears on your Mac, get rid of it as soon as possible, as it can seriously compromise your security and result in data loss as well as money loss.
#Fake mac cleaner virus zip
Mac malware is still a rare occurrence, so it’s no wonder that some of it can lurk, unnoticed for months, on random machines. The latest example falls more in the category of “potentially unwanted software” than outright “malware,” but it could easily be made to saddle users with more malicious threats. The malware has been dubbed Mughthesec, after the name of the app and the launch agent it installs on the target machine. The sample analyzed by security researcher Patrick Wardle was not detected by a Mac AV solution, and it was lifted directly from an infected MacBook, after being spotted by a user.

If that is not enough, the Advanced Mac Cleaner virus is notorious for being distributed via fake Adobe Flash updates, MPlayerX and 7-Zip installers, and is often promoted by technical support scam sites like “Your system is infected with 3 viruses”.
