A new OS X malware has been reported by Malwarebytes that can easily fool ignorant users into visiting a fraudulent website and downloading fake software on their Mac.
Mac users are no longer under the illusion that their MacBooks are immune to virus and malware. However, many Mac users are not as careful and vigilant as they should be, which results in them being victimized by simple malware exploits. One such exploit has been discovered by Malwarebytes, where a user is directed to a spam website to download software on his or her Mac.
Lead researcher at Malwarebytes, Thomas Reed, told 9to5Mac about his discovery. He said that the malware is hosted on a scam page which is hosted on the official Advanced Mac Cleaner Website. The malicious file opener is installed when an unsuspecting user approves the installation of Advanced Mac Cleaner on their machine. The file, known as Mac File Opener, is installed along with this, without the user’s knowledge. However, the interesting part is that there was no noticeable way of the app forcing a user to launch it.
Nothing new was added to the login items, and no launch agent or daemon was designed to launch the app. On further investigation, it was revealed that the Info.plist file within the app listed some 232 file versions that it could supposedly open. If a user then tried to open a file for which they did not have a file opener then Mac File Opener would be used to open it.
It would then display a decent fake version of the official OS X dialogue box telling the user that no app was installed on the system to open that file type and offers them to search the web to find an application. As soon as the user clicks on ‘Search Web’, they are directed to macfileopener.com, where junk PCVARK apps like Mac Space Reviver and Mac Adware Remover are downloaded on the user’s Mac. Since all these apps have a valid certificate, OS X installs them without any warning.
The fraudulent nature of this app is quite easy to detect, though. This is because users are not usually requested to search the web instead of the App store. Careful Mac owners know that it is unsafe to trust anything but the official Mac App Store to download any app on their Mac, and doing so will prevent such malware from installing on your MacBook.