Posted on 08/19/2016 12:27:28 PM PDT by Swordmaker
No 9to5Mac reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users.
Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website …
It does rely on a naive user approving a request to install Advanced Mac Cleaner on their machine, but doing so also installs a second app known as Mac File Opener. Reed said that it wasn’t initially obvious how the app could force users to launch it.
Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing.
But some digging found that the Info.plist file within the app defined a list of 232 different file types that it claimed to be able to open. If a user tries to open a file for which they don’t have a corresponding app, it will be opened by Mac File Opener which then presents a reasonably convincing fake version of the normal OS X dialog box advising that no suitable app is installed.
The fake dialog box links to the macfileopener[dot]com website, which downloads other junk PCVARK apps, such as Mac Adware Remover or Mac Space Reviver. All the apps have a valid, Apple-provided developer certificate, so OS X will happily install them without any warning.
It may be worth reminding your less-technical friends to stick to the official Mac App Store, and to ensure that they check for the above fake dialog trying to direct them to the web. Although there is very little Mac malware in the wild, examples do exist, along with a fair sprinkling of scamware.
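Added example, not part of the article or of Malwarebytes' analysis: a Python check that counts how many file types an app's Info.plist claims to open, which is the mechanism described above. The keys `CFBundleDocumentTypes`, `CFBundleTypeExtensions` and `LSItemContentTypes` are standard Info.plist keys; the threshold, the bundle IDs and both sample plists are constructed assumptions.

```python
import plistlib

# Assumed triage threshold (not from the article): very few legitimate
# apps declare this many document types.
THRESHOLD = 100

def claimed_types(info_plist: bytes) -> set[str]:
    """Return every extension and UTI the Info.plist claims to open."""
    info = plistlib.loads(info_plist)
    claimed = set()
    for doc_type in info.get("CFBundleDocumentTypes", []):
        for ext in doc_type.get("CFBundleTypeExtensions", []):
            claimed.add("ext:" + ext.lower())
        for uti in doc_type.get("LSItemContentTypes", []):
            claimed.add("uti:" + uti.lower())
    return claimed

def audit(info_plist: bytes, threshold: int = THRESHOLD) -> dict:
    """Summarise the document-type claims and flag catch-all handlers."""
    info = plistlib.loads(info_plist)
    claimed = claimed_types(info_plist)
    wildcard = "ext:*" in claimed  # "*" claims every extension
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<missing>"),
        "claimed": len(claimed),
        "wildcard": wildcard,
        "suspicious": wildcard or len(claimed) >= threshold,
    }

def make_sample(bundle_id: str, extensions: list[str]) -> bytes:
    """Build a constructed Info.plist with one document type per extension."""
    doc_types = [
        {"CFBundleTypeExtensions": [ext], "CFBundleTypeRole": "Viewer"}
        for ext in extensions
    ]
    return plistlib.dumps(
        {"CFBundleIdentifier": bundle_id, "CFBundleDocumentTypes": doc_types}
    )

# Constructed samples: one claims 232 types (the count the article
# reports), the other is an ordinary three-type editor.
CATCH_ALL = make_sample("com.example.catchall", [f"x{i:03d}" for i in range(232)])
EDITOR = make_sample("com.example.editor", ["txt", "md", "rtf"])

if __name__ == "__main__":
    for sample in (CATCH_ALL, EDITOR):
        print(audit(sample))
```

To check an installed app, pass the bytes of its `Contents/Info.plist` to `audit()`.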
Glad I don’t buy these overpriced malware magnets
PING!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
There is very little in the way of malware on Macs. Those that do soar, like this one, are quickly eradicated.
Windows, however...
You forgot the sarcasm tag, Arl.
soar = appear
Darn autocorrect.
Soar? I doubt this one has soared. It's on a known malware site which people have been warning about for a couple of years. Even the US government got into the act, suing the publisher for reprehensible marketing activities and requiring them to reimburse ALL of their former customers. What is left is this mere shadow of its former presence trying to attract new and ignorant Mac users who are coming from the Windows community where they are used to having to run something like a cleaner program.
“could easily fool less technical users”
“a naive user”
==
i.e., Mac users.
Oh, OK. Damn autocorrect can come up with some words that DO fit in the context of the sentence. LOL!
Hi, long time iMac user. What would you suggest for malware and security software?
“There is very little in the way of malware on Macs.”
==
I’m reminded of a line from the 1931 version of Dracula - Van Helsing: “The strength of the vampire is that people will not believe in him.”
http://www.digitaltrends.com/computing/can-macs-get-viruses
for later
Uh, no. Mac users are generally more technically savvy than Windows users. They usually know TWO operating systems because the vast majority of them have come from using Windows, or still use Windows at work. They are like bilingual speakers and you are like a person who only speaks one language criticizing the person who can easily speak two languages for electing to use the better language for his preferred use. In this instance, the people who have selected the Mac do so because they KNOW the failings of the other, and have made an educated decision. YOU are not educated in both operating systems. They are.
Swordmaker...
This has been a difficult week on FR with the earthly departure of one FReeper and another announcing his discontinuation from posting due to increasing symptoms.
That said, I just wanted to chime-in here and say THANK YOU, FRiend, for your postings. By choice, we do not own one Apple product but I always enjoy reading your Apple Tech posts and appreciate your PINGS for PC and Android issues.
Thanks and all the best to you!
“They usually know TWO operating systems”
==
Knowing and using are two different things. A person can drive a Ford pickup and Rolls Royce and still have no idea how an internal combustion engine works.
None. Allow OS X to do what it is designed to do. Most third party anti-virus software turns off the built-in protections so they can do what it already does. There are ZERO actual computer viruses for OS X. There have been exactly seven OS X proof-of-concept virus candidates in the last sixteen years and every single one of them failed to infect any target Macs for the same reason: lack of a viable transmission vector and when actually installed on the target Mac by hand, built-in system protections in the target areas prevented them from doing what they were designed to do. Every person who has tried to create a truly self-propagating, self-installing, self-duplicating computer virus for OS X computers over a span of sixteen years has failed miserably.
There are 87 known Trojan applications in seven identified families for OS X Macs. That's it. Those include all of the browser hijackers there are which add ad-ware etc. 87 total malware.
The OS X operating system will identify every single one of those 87 and their families to catch any variations that may pop-up, and alert the user that he or she is downloading, installing, or running for the first time any one of them and then require the user to input an administrator's name and password to continue with each of those steps to continue. It requires that user to be industrial strength stupid to infect a Mac with a known Trojan. When a new one, or a new family appears, Apple pushes out the new definition of either within 24 hours to every Mac in the wild. The OS X operating system cannot do that if you install any third party anti-malware app which turns it off or inserts itself between that operation and allows the actual saving of the malware before checking for content.
It’s odd that the malware writer felt compelled to be slightly honest, replacing “Search App Store” with “Search Web”. You’d think they’d go for verisimilitude.
OK, how do I get rid of MacKeeper? And thank you for taking the time to respond with lots of info.
bump
I’ll second Swordmaker’s comment. Don’t install “anti malware” software on a Mac. A properly built operating system should have no way for malware to function; insofar as macOS is imperfect, Apple fixes problems very fast.
Most anti-malware programs, in my experience, are worse than the malware they purport to eradicate.