Nearly 50% of macOS malware comes from one app — do you have it on your MacBook?

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
There's good news and bad news for macOS users, according to a new report from Elastic Security Labs. On the plus side, only 6% of malware ends up on macOS devices compared to the 54% of malicious threats that slide into Windows systems.

On the downside, macOS isn't totally immune to malware, and as such, users still need to watch out for ill-intentioned apps. According to the 2022 Global Threat Report, nearly 50% of all macOS malware comes from one app (h/t 9to5Mac).

Most macOS malware comes from these three apps

The biggest source of macOS malware? Elastic Security Labs investigators pointed their fingers at MacKeeper, a macOS app ironically designed to protect users' devices by offering cleaning, security, privacy and performance tools. According to the report, a whopping 48% of macOS malware is sourced from MacKeeper.

MacKeeper is known for having quite a tumultuous past and an ambiguous reputation. Some Apple users have warned others about MacKeeper. In one forum, for example, an Apple Support Community poster described the app as a "highly invasive malware that can de-stabilize your system." The macOS app has attempted to clean up its sullied character in recent years, but unfortunately, this Elastic Security Labs report isn't helping its case.

The next most pervasive macOS threat, ranking a far second at 17%, is the XCSSET malware, which was known for taking advantage of vulnerabilities discovered inside Safari. It can also steal confidential data, take secret screenshots, access users' microphones and webcams remotely, and install ransomware.

Finally, sitting in third place is Adload, a malicious software that hijacks victims' browsers and forces them to visit disreputable, shadowy websites.

The 2022 Global Threat Report failed to dive deep into these malware families, but some quick research revealed one interesting nugget of information: MacKeeper is notoriously difficult to remove. Allow us to give you insight on how to remove this pesky app.
 

OTTO

Level 1
Verified
Jul 18, 2015
26
I don't use Mac but the topic drew me in. I visited the MacKeeper website and Kaspersky didn't give a warning. If it was truly malicious, antivirus companies would block the site and downloader. Only CRDF said malicious for the website and Forcepoint ThreatSeeker deemed the website as suspicious. People commenting on VirusTotal for mackeeper.com say stay away from this file, it's worse etc. I am confused.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
I don't use Mac but the topic drew me in. I visited the MacKeeper website and Kaspersky didn't give a warning. If it was truly malicious, antivirus companies would block the site and downloader. Only CRDF said malicious for the website and Forcepoint ThreatSeeker deemed the website as suspicious. People commenting on VirusTotal for mackeeper.com say stay away from this file, it's worse etc. I am confused.
The app itself is not malware:
"While its initial purpose is to aid macOS users, [it can often] be abused by adversaries since it already has extensive permissions and access to processes and files," the Elastic Security Labs investigators said.

MacKeeper is known for having quite a tumultuous past and an ambiguous reputation. Some Apple users have warned others about MacKeeper. In one forum, for example, an Apple Support Community poster described the app as a "highly invasive malware that can de-stabilize your system." The macOS app has attempted to clean up its sullied character in recent years, but unfortunately, this Elastic Security Labs report isn't helping its case.
EDIT: after reading some reviews on the internet, it is not an app or company to be trusted:
 

Stenographers

Level 2
Nov 11, 2022
48
I don't use Mac but the topic drew me in. I visited the MacKeeper website and Kaspersky didn't give a warning. If it was truly malicious, antivirus companies would block the site and downloader. Only CRDF said malicious for the website and Forcepoint ThreatSeeker deemed the website as suspicious. People commenting on VirusTotal for mackeeper.com say stay away from this file, it's worse etc. I am confused.
This is a good example of why a layered approach to security is so important. Antiviruses don't catch everything. Not sure what would stop the average Joe from downloading this app besides word of mouth - Apple needs to do better and just shut this app down. They have the capability to blacklist apps and stop them from running on all Macs. They need to do that here.

On another note, computer "cleaners" or Windows registry "cleaners" like this are snake oil. There are built-in utilities in most modern OSes that take care of temp files etc. Some people claim to run them for "privacy" reasons, but I don't buy it. If you're going to be doing sensitive work in the browser, it is best to have a dedicated hardened VM that you roll back to a clean snapshot every time you're done using it.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Apple needs to do better and just shut this app down. They have the capability to blacklist apps and stop them from running on all Macs.
FWIW, MacKeeper is not listed on the Mac App Store.

Users of MacKeeper would have had to download it from the site, or be tricked into it.

It does not help that the Germany-based AV-TEST certified them in 2020, under the newly-founded company Clario (2019).

Many controversies since the 2010s can be read at MacKeeper - Wikipedia, including that AV-Comparatives identified MacKeeper as scareware, others discovered adware, and someone found 13M customers' data exposed on Shodan.
 

Stenographers

Level 2
Nov 11, 2022
48
FWIW, MacKeeper is not listed on the Mac App Store.

Users of MacKeeper would have had to download it from the site, or be tricked into it.

It does not help that the Germany-based AV-TEST certified them in 2020, under the newly-founded company Clario (2019).

Many controversies since the 2010s can be read at MacKeeper - Wikipedia, including that AV-Comparatives identified MacKeeper as scareware, others discovered adware, and someone found 13M customers' data exposed on Shodan.
IIRC Apple has the ability to block their certificate preventing it from installing on any internet connected Macs. Maybe someone more familiar with that than I can chime in? I may have some misconceptions about how it works.
 
