I began to look into it, and very quickly found myself in a deep rabbit-hole of Mac crapware, all from a major developer of Mac PUPs (potentially unwanted programs), PCVARK.

Irritated by the malware and adware present on your Mac? Then get Malwarebytes for Mac. While focusing on adware infections, Malwarebytes for Mac will also scan for other known infections that are being released for the macOS operating system.

Recently, Jérôme Segura forwarded me a link to a fake virus scam page that seemed to be Mac-related.

BleepingComputer Review: Malwarebytes Anti-Malware for Mac is a free security tool that allows you to scan your computer for common macOS infections and remove them.

The fact that Malwarebytes were smart enough to buy AdwareMedic says a lot about the company, and with the brains behind it, Thomas Reed, now working for them, you can be guaranteed that they've got one of the smartest and most knowledgeable guys around when it comes to security on Mac.

Malwarebytes has become one of the top names in the world of PC and Mac security.

And it is that strange and malicious app that will be our focus today.

Malwarebytes is the best, and probably only legit tool, that effectively removes malware from Macs.

Because within this rabbit-hole lay one special nugget of… well, not gold. Although I could go on at length about these products' behaviors and why we detect them as PUPs, that is beside the point.

Malwarebytes anti-malware protection includes multiple layers of malware-crushing tech that finds and removes threats like viruses, ransomware, spyware, adware, and Trojans.

Malwarebytes 3.0 was a major update when it arrived in December 2016 - and like many major updates, some aspects were a little rough, particularly stability within Windows 10.

PCVARK is responsible for gems like Advanced Mac Cleaner, Mac Adware Cleaner, et al.
It hadn’t been added to my login items. Even more intriguing, this app didn’t have any apparent mechanism for being launched.

It looked like an ordinary Advanced Mac Cleaner installer… which is not to say it looked like anything I’d want on my computer, but still, I was determined to do the wrong thing, so I clicked right through and installed it.

Once I had installed it and was poking around to see whether it had installed anything new – perhaps a shiny new piece of adware, for example – I discovered an odd app, named Mac File Opener, tucked away where the average user would never see it.

But, of course, I was determined not to be, so I clicked the green button to install the “security update.”

This resulted in an installer file named “amc_rb_mfm1.pkg” being downloaded, which I proceeded to open.

The software comes in Malwarebytes Free and Malwarebytes Premium.

It began here, on a scam page hosted on the official Advanced Mac Cleaner website:

If I were being cautious, I would have closed this page immediately, rather than doing anything it said.

Worse, if there is no other app to open a specific file, this app would be the default.

One of the things that file does is allow the developer to identify what file types the app is capable of opening, using an array of data given the key “CFBundleDocumentTypes” that defines all the file types.

It turns out that Mac File Opener defines a list of 232 different file types, covering all the common ones and many that aren’t so common: CFBundleDocumentTypes

Essentially, what this app had done is set itself up as an app that can open most files that are at all likely to be on the typical user’s system.

Inside all Mac apps, there is a file called Info.plist, which defines a number of characteristics of the app.

It simply seemed to be sitting there, doing nothing.

This piqued my curiosity, so I poked a little deeper, and found something very interesting.
All the other PCVARK and Techyutils products mentioned here are detected as PUPs.

(Update: the SHA256 hash for the Mac File Opener app on VirusTotal is e7af2bd1ea722a1fc6f8012a7472c8e6583406166509135b35ef001827fd55b3.)

More compelling, that code is signed by an official, Apple-provided certificate owned by each of these “companies.” This provides the final link that proves that PCVARK and Techyutils are actually one and the same, and that Mac File Opener is in fact a product of PCVARK.

We consider Mac File Opener to be malware, and Malwarebytes Anti-Malware for Mac will detect it as OSX.FakeFileOpener.

Examining the application code of Mac Optimizer (from Techyutils) and Advanced Mac Cleaner (from PCVARK) side-by-side shows that they are nearly identical for the most part.

Thus, two supposedly different apps, from supposedly different companies, both share the same code (and nearly identical user interfaces).

But then I realized that I have a copy of a different PUP, also signed by the same Techyutils certificate, called Mac Optimizer.

However, those are all things that could be faked to imply a relationship that didn’t exist.

I looked at the code for Advanced Mac Cleaner and for Mac File Opener, and didn’t find too many similarities.

On the surface, there are many superficial similarities – file naming conventions, similarity of icons, references to PCVARK on the Mac File Opener website, etc.