Thursday, November 5, 2015

Further Observations Regarding
The Adware Infestation At MacUpdate

My colleague Thomas Reed was the one who first tipped me off about the beginning of the adware infestation at MacUpdate. He and I are part of a group, started by Mark Thomas of ClamXav, whose members share and consult with one another regarding Mac security. Thomas, as I hope many of you know, has been at the forefront of studying, detecting and removing adware within the Mac community. He's been a constant asset to me and others for many years. His AdwareMedic application was a breakthrough. His addition to the team at Malwarebytes has been a well-deserved accolade. His software is now part of Malwarebytes Anti-Malware for Mac.

Thomas Reed has been keeping track of MacUpdate adware in his own blog at Malwarebytes. It's well worth reading his article here. You can read about the initial discovery of what's going on at MacUpdate alongside Thomas' useful insights:

Has MacUpdate fallen to the adware plague?
Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first glance. However, opening this disk image file results in a MacUpdate installer, very similar to the adware-riddled custom installers used by sites like and Softonic. . . .
Note that between Thomas and myself, we've found that the MacUpdate adware installer flips between a number of different adware installations. I've witnessed the attempt to install Yahoo! adware as well as MacBooster.

The nightmare of the matter is that this installer asks for your ADMINISTRATOR PASSWORD, which means you're giving this malware access to the deepest depths of your Mac home. DON'T DO IT! Anything-at-all could be installed after you've provided that password to the malware.

I have a name I use for people who foist nastiness on potential customers:

Marketing Morons.

The marketing folks who seriously care about the welfare of their collaborators, their customers, are called:

Marketing Mavens. 

~ ~ ~ ~ ~

I'll be adding further observations of the infestation as I find them and consider them helpful and relevant.
