Malware
3 Important Ideas:
- First, internet issues that try to deceive users with fake web pages and pop-ups.
- Second, deceptive software that users may think is legitimate but is actually bogus, and which then becomes an annoyance for them.
- Third, the web browser being compromised by misleading search engines or by bogus search plugins being installed.
We will take a look in more detail at these areas and then discuss how to fix and offer resources that can assist in dealing with these issues.
Web browser pop-ups
When you are online, fake ads, bogus links in emails, or search engine results may redirect you to a page that pops up and says your Mac is infected with a virus.
Usually you get a phone number and are asked to call it immediately. This is all a SCAM. Do not call, do not let them control your computer screen and do not give them your credit card number.
How to Fix - 1:
If you have fallen for the scam, immediately call your credit card company to dispute or cancel the charge. Unfortunately you may need to cancel that credit card number as the bank may feel it was compromised.
How to Fix - 2:
There may be some screen sharing software installed on the computer.
Typically it is a one time session download software that can easily be found in the download folder and thrown away.
But another place to check is in System Preferences > Users & Groups > Login Items. Sometimes you find screen sharing software listed there that starts automatically at login. You can select it and hit the minus sign to remove it.
A more advanced check is to hold down the option key and go under the Apple Menu and select System Information. Under System Information look in the left column for Software > Installations. You can sort by date and find if any recent software was installed.
How to Fix - 3:
The worst problem is getting rid of the window, or finding that it keeps popping up after a restart.
Part of the issue is the Apple ‘feature’ Auto Resume. When you reopen certain applications without having closed a file (or, in this case, a web page) that was open, the application automatically re-opens the last page you had open. To stop this, select Force Quit under the Apple Menu and Force Quit the web browser application with the fake pop-up.
Here is the trick. Before attempting to open the web browser again, hold down your SHIFT key on the keyboard and while holding that down, click the web browser icon in the dock. This will force the browser to open the default page rather than the “saved state” of the malicious page.
Malicious Software
Malicious software is downloaded automatically and then requests an install into your computer.
Again, usually a window pops up asking you to install an update. Typically it masks itself as a Java or Flash Player update. It might be downloaded when you do a web search for software and there are bogus results that will install the malicious software.
The more popular names of software to get installed are applications like MacKeeper, Zip Cloud, Mega Backups, Mac Cleaner, and a variety of other applications. Typically these take over the menu bar, and pop up windows in the Finder. Typically, this is Adware that tells you the Mac has problems and viruses that their software can fix. Adware baits the user into believing there is a problem, then suggests the only way to fix it is to pay for the software.
How to Fix:
If the user has installed this software, there are two ways to go.
First, find out what was installed. Hold down the option key and go under the Apple Menu > System Information. Under System Information look in the left column for Software > Installations. You can sort by date and find if any recent software was installed. This will help you locate any unwanted software that was installed.
Remove the software manually, or use a popular piece of software called Malwarebytes (formerly AdwareMedic). It is easy to install and can remove most of the malicious software that was installed, along with its associated hidden components. It may not catch all of it, so looking at the installed software helps make sure it is completely removed (http://www.adwaremedic.com/index.php).
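The "sort by date and find recent software" check described in both How to Fix sections can also be scripted. The following is an added example, not part of the original article: it assumes the install history that System Information displays is stored as a property list (on a Mac, normally /Library/Receipts/InstallHistory.plist) with the keys date, displayName and processName, and it runs here on a constructed sample.

```python
import plistlib
from datetime import datetime, timedelta

# Constructed sample in the layout of the macOS install history property list.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>date</key><date>2016-01-10T09:00:00Z</date>
 <key>displayName</key><string>OS X Update</string>
 <key>processName</key><string>softwareupdated</string></dict>
<dict><key>date</key><date>2016-03-02T18:30:00Z</date>
 <key>displayName</key><string>Example Cleaner</string>
 <key>processName</key><string>Installer</string></dict>
<dict><key>date</key><date>2016-03-01T18:25:00Z</date>
 <key>displayName</key><string>Flash Player Update</string>
 <key>processName</key><string>Installer</string></dict>
<dict><key>date</key><date>2016-02-28T03:00:00Z</date>
 <key>displayName</key><string>Security Update</string>
 <key>processName</key><string>softwareupdated</string></dict>
</array></plist>"""

# Assumption: installs driven by Apple's own update daemon need less scrutiny.
SYSTEM_UPDATERS = {"softwareupdated"}

def report(plist_bytes, now, days=30):
    """Return (date, name, installer process, review?) rows, newest first."""
    cutoff = now - timedelta(days=days)
    rows = []
    for entry in plistlib.loads(plist_bytes):
        when = entry.get("date")
        if when is None or when < cutoff:
            continue  # skip undated entries and anything older than the window
        proc = entry.get("processName", "?")
        # Triage hint only: anything the user ran through an installer
        # window is worth recognising by name before it is left in place.
        rows.append((when, entry.get("displayName", "?"), proc,
                     proc not in SYSTEM_UPDATERS))
    return sorted(rows, key=lambda r: r[0], reverse=True)

if __name__ == "__main__":
    for when, name, proc, review in report(SAMPLE, datetime(2016, 3, 5), 14):
        print(f"{when:%Y-%m-%d %H:%M}  {name:<22} {proc:<16}",
              "REVIEW" if review else "")
```

To use it on a real Mac, pass the bytes of the install history file instead of SAMPLE; the dates in that file are in UTC, so compare them against a UTC "now".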
Search engine/Plug-in Hijacks
Typically, when something has gone wrong, hidden search hijacks take over your web browser. Safari, Firefox and Google Chrome are the most popular browsers for the Mac.
The malicious software may also alter your home page, take over your default search engine, and install browser extensions or plugins. So instead of going to your default home page such as google.com, apple.com, etc., you now get a new search engine page that will alter or redirect your search results.
Typically, if your home page has been changed, your default search engine has been changed as well. So however you search, you get redirected to the hijacked results page. Web browser extensions or plugins were designed to enhance your web experience, but malicious plugins can interfere with your search function and create unwanted pop-ups or ads.
How to Fix:
Malwarebytes does a good job removing malicious plugins but may not fix your hijacked search engine results.
The best thing to do is to go to the browser preferences (under the applications menu). Typically under the general settings it will list Homepage. Change it to the page you want loaded.
Also, in preferences look for a Search section. Make sure you select the default search engine you want to use.
Also, make sure you remove any unrecognizable or unwanted search engines.
One last place to check is an Extensions or Plugins section. Make sure to remove items that seem suspicious or are unrecognizable.
Resources
Malwarebytes - Adware and Malware removal for Mac (https://www.malwarebytes.com/mac/)
The Safe Mac - Mac Blog for Malwarebytes / Suggested Tech Guides from Malwarebytes (http://www.thesafemac.com/)
Apple Support Articles:
https://support.apple.com/en-us/HT203987
Apple Security Updates:
https://support.apple.com/en-us/HT201222
Thanks to Rick Ortiz, an Apple Certified Trainer, Technical Coordinator, and Support Professional. He currently serves on the User Group Advisory Board. (See https://appleusergroupresources.com/helping-user-groups-discuss-and-understand-malware-on-macs/#more-13443)