
“Doctor Web”: an installer of unwanted applications threatens Mac users

Specialists at “Doctor Web” have found software for the Mac platform that is designed to install unwanted software silently and to push various unnecessary applications and browser add-ons onto users without their knowledge. The “malware” is registered in the database under the name Adware.Mac.InstallCore.

“In recent years, it has received very wide distribution; its victims are mostly Windows users. Recently, however, more and more such programmes are appearing for Mac OS X as well,” “Doctor Web” said, commenting on the discovery.

The unwanted application Adware.Mac.InstallCore.1 is an installer package that contains three important folders: bin, MacOS and Resources. The first holds an application detected under the name Tool.Mac.ExtInstaller, which is designed to install browser add-ons and to replace the start page and the default search engine used by the browser.

The MacOS folder contains the installer's binary file, and the Resources folder stores the main part of the SDK in the form of JavaScript files. These scripts can be stored either in the clear or encrypted with the AES algorithm.

Among the SDK files is the configuration file config.js, which contains a special section that determines which applications will be offered to the user for installation. This section specifies how many applications should be installed on the system, which detected programs or virtual machines will cause the additional programs not to be pushed on the user, and the list of components to install.

Another file, scripts.js, implements the basic logic of the installer, including checks for virtual machines and for certain previously installed applications. The program will not push the unrequested components on the user if it is running in a VirtualBox, VMware Fusion or Parallels virtual machine, or if it detects on the Mac the Xcode development environment or the Charles application, which is used for debugging.

The user is also not offered the unrequested software when an antivirus from AVG, Avast, BitDefender, Comodo, ESET, Kaspersky, Sophos, Symantec, Intego, ClamAV or F-Secure is detected. In addition, the “black list” of Adware.Mac.InstallCore.1 contains a number of other applications.

Among the programs and utilities that Adware.Mac.InstallCore.1 installs on the computer, the experts name:
Yahoo Search, MacKeeper, ZipCloud, WalletBee, MacBooster 2, PremierOpinion, RealCloud, MaxSecure, iBoostUp, ElmediaPlayer.
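
A defender's triage sketch for the package layout described above, added here as an example and not code from “Doctor Web” or from the installer itself. It looks for a directory holding bin, MacOS and Resources, notes config.js and scripts.js, lists environment-check names found in readable scripts, and flags high-entropy scripts as probably encrypted. The marker substrings, the 7.0 bits-per-byte threshold and the sample bundle are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed substrings for products the article says the installer checks for.
ENV_MARKERS = ["virtualbox", "vmware", "parallels", "xcode", "charles",
               "avast", "bitdefender", "kaspersky", "sophos", "clamav"]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; AES ciphertext sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(root) -> list:
    """Report every directory under root that has the bin/MacOS/Resources layout."""
    findings = []
    for path, dirs, _ in os.walk(root):
        if not {"bin", "MacOS", "Resources"} <= set(dirs):
            continue
        hit = {"path": path, "sdk_files": [], "markers": [], "opaque_js": []}
        scripts = Path(path, "Resources").glob("*.js")
        for js in sorted(p for p in scripts if p.is_file()):
            data = js.read_bytes()
            if js.name in ("config.js", "scripts.js"):
                hit["sdk_files"].append(js.name)
            if entropy(data) > 7.0:  # assumed threshold for "probably encrypted"
                hit["opaque_js"].append(js.name)
                continue
            text = data.decode("utf-8", "replace").lower()
            hit["markers"] += [m for m in ENV_MARKERS
                               if m in text and m not in hit["markers"]]
        findings.append(hit)
    return findings

def build_sample(root) -> None:
    """Constructed sample bundle for the demo; not a real InstallCore package."""
    base = Path(root, "Sample.app", "Contents")
    for d in ("bin", "MacOS", "Resources"):
        (base / d).mkdir(parents=True)
    (base / "Resources/config.js").write_text("var offers = [];\n")
    (base / "Resources/scripts.js").write_text("if (has('VirtualBox') || has('Charles')) skip();\n")
    (base / "Resources/extra.js").write_bytes(os.urandom(4096))  # stands in for AES ciphertext

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage(tmp):
            print(finding)
```

A match on layout alone is only a lead for manual review: many legitimate application bundles contain MacOS and Resources folders, so the script names and environment-check strings carry most of the weight.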
