[Just For Fun] PUP that SHOWS its hatred against VirusTotal

ZevinZenph

Mar 10, 2015
I just ran into some Mac thingy named MacKeeper while searching for PUPs to feed my virtual machine. The program, just like any other PUP, has an ultra bad reputation among the community. (Just Google it and have fun reading those posts.)
MK.PNG

(I know some of the members here don't like WoT, but I guess it's still somehow referential)

The funny thing is, I later tried to Google "MacKeeper VirusTotal", and this showed up.
MK5.PNG

(The result may vary for different countries)

I clicked on it, with sandboxing, and I lol'd ultra hard. Here are the first few paragraphs of that post. Make sure your 70-year-old dad won't get scared by your laughter if he's right beside you.
We conducted the experiment by scanning MacKeeper pkg. file with 5 different services including VirusTotal, Metadefender, R.virscan, Virusscan.jotti and Nodistribute. You will be surprised with results.

Imagine that you are downloading a program from the official company website, trying to open it and suddenly see the alarm that the file is potentially dangerous or unwanted. Oftentimes security software vendors do not explain what they consider “potentially unwanted” to their customers, creating further confusion.

No anti-malware engine is perfect. With more than 390,000 new malicious programs emerging each day, it would be impossible for any single product to show guaranteed result 100% of the time. Even the online scanning services, which are supposed to show the unbiased scanning results, sometimes display mistaken detections, known as false positives.

Antivirus programs look at many different aspects of a file, including how it was installed on the system, publisher information, when it arrived, etc. Considering these aspects, some users can see detections even on clean files.

Unfortunately, Kromtech also experienced situations when some antiviruses falsely marked MacKeeper as a virus or a potentially unwanted application (PUA).

If you want to read the full essay yourself, here's the URL. I don't guarantee it's safe to visit though.
hxxp://mackeeper.com/blog/post/253-why-you-should-think-twice-when-use-virustotal-to-scan-your-applications

BTW, if anyone is able to conduct an analysis of its .pkg/.dmg installer, I hope you won't mind sending me its list of HTTP requests. I can't find an OS X guest VM that doesn't crash somehow. Thanks!
 