Remove Advanced Mac Cleaner with AdwareMedic.

New OSX/Shlayer Malware Variant Found Using a Dirty New Trick

How to remove Mac Adware cleaner

Ironically, the app called Mac Adware cleaner may itself be the very source of annoying adware on your Mac: the classic case of a wolf in a sheep’s skin.

Malwarebytes AdwCleaner is a standalone tool that focuses only on removing adware, spyware, PUPs, browser hijackers, and unwanted browser toolbars.

It also has AppLock to prevent unwanted access to your apps. Additionally, it comes with an app manager to uninstall, back up, and share apps. Its notification cleaner can block junk notifications. With a single tap, you can boost your phone anytime.
A window will cover most of the screen and display a progress bar asking the user to please wait.

This should be a big red flag, but most users may be so accustomed to quickly clicking “OK,” “Continue” and “Agree” to finally get their installation going. (These windows could mention irrefutable proof Bigfoot exists and in all likelihood no one would notice.)

When the “Accept >” button is clicked, the user will be presented with a password request.

And when the “Ok” button is clicked, the installer will take over.

The wording is, of course, carefully chosen to deter users from selecting the Custom Installation option and seeing what is really being installed.

Even without scrolling through it, you can tell the presented agreement does not reference Adobe Flash Player; instead, it references Advanced Mac Cleaner. The user is then presented with a window that looks mostly like this:

Once the installer is launched, an agreement will pop up that looks absolutely nothing like the one included in the real Adobe Flash Player installer, and two installation types are offered: Express (recommended) or Custom Installation (expert).

This is not to say that this malware variant, or any other variants, can’t be found on other possibly legit websites, but we have yet to spot Shlayer there.

Once a user is tricked into downloading the fake Adobe Flash Player (or a site downloads it automatically), the result is typically a self-mounting disk image.

To pick up one of these fake Adobe Flash Player installers, one must wander around BitTorrent sites and it’ll surely pop up.

To obtain Shlayer as part of a software crack, BitTorrent sites are also to blame.
MyShopCoupon+ (this fails to install and ends up in the root of the startup drive)

Chumsearch Safari Extension (though proper installation only worked once)

This includes all or some of the following:

It shows a scanner that found a lot of issues on your Mac and, of course, claims that the way to fix all these issues is by paying up to $107. This page also features an ad from another company, which should raise red flags right away.

Intego VirusBarrier detects Chumsearch and all of its components as OSX/Chumsearch.

Advanced Mac Cleaner is scareware.

An actual Adobe Flash Player installer (mounts on the desktop)

It also adjusts the Homepage in Safari, and probably Chrome and other browsers as well, to:

Http: //com/search/?asset=hp&wtguid=61409200915943979&wtsrc=5409&wtdt=042318&wtbr=1&wtpl=10.12.6&v=5.0

However, it fails to make further adjustments that would cause new windows or tabs to load this URL.

Chumsearch mimics a (very poor) Google search website, which will pop up any time the homepage is requested.

MyMacUpdater (ends up in the Applications folder)

mediaDownloader (ends up in the Applications folder)

The injecting of ads and hijacking of the homepage are just one aspect of this malware.

Therefore, if you do not frequent such websites—and you shouldn’t because BitTorrent sites are a malware cesspool—chances of infection are at the moment very low.

If there is an increased risk of infection, users should be concerned.

Should Mac users be concerned about OSX/Shlayer?

Currently, Shlayer has been found only on BitTorrent websites, disguised as fake Adobe Flash Player installers or embedded in downloaded torrent files posing as cracks.

For example, the Shlayer installer is called on this path:

This is not behavior we were able to reproduce, but we have seen at least one other report of this configuration profile being installed by a web developer in the MacAdmins Slack.

This variant uses double base64 encoding to make it harder for malware researchers to, well, research.
However, we have encountered it before and Intego VirusBarrier detects it as OSX/Bundlore.

OSX/Shlayer is simply the dropper that acts as the gateway to your system and installs a host of other components, such as those mentioned above.

How to tell if your Mac is infected (and removal instructions)

A dropper like Shlayer can download and install anything it wants.

Having your online bank statement or Amazon login details transmitted to an unknown party is certainly not ideal.

Transmit content from webpages you visit

This includes names, passwords, phone numbers, email addresses, credit card details and much more.

IT admins can find removal instructions in Reed’s report.

If your Mac is managed by an IT staff, contact them to have them remove it or give you the OK to remove it yourself.

In this case look for “AdminPrefs”, select it and click the “-” to remove it.

If a profiles option is available, click on it and look for profiles that don’t belong (there might be legitimate profiles there if your Mac is managed by your work and/or an IT staff).

Open System Preferences and look for “Profiles”.

~/Library/Caches/com.apple.Safari/Extensions/Chumsearch+.safariextension

In case you did stumble upon the particular installer Thomas Reed mentions, also have a look here:

You may also consider avoiding the use of Adobe Flash Player in general, so you won’t be tempted to install a fake Flash Player update that’s riddled with malware.

How to protect yourself from OSX/Shlayer

Intego VirusBarrier detects and eradicates this new malware variant (and several others) as OSX/Shlayer.C. Use of Intego’s anti-virus software will block and remove all known components of Shlayer malware.
Also using a two-way firewall solution, such as Intego NetBarrier, can offer additional protection as it will alert you of any connection attempts to/from applications on your Mac, which allows you to spot suspect behavior and block it before personal data escapes your computer.

We strongly encourage you to stay away from BitTorrent sites as this will reduce your exposure to malware significantly.

This will most likely reside in your Downloads folder.

If any of these components are found on your Mac, delete them, restart your Mac and empty the trash.