/>
X

'Rogue' cleaning tool targets Mac users

The distributors of the MacSweeper application are trying to trick Mac users into believing they have a virus so they buy the software
liam-tung.jpg
tom-espiner.jpg
Written by Liam Tung, Contributing Writer and  Tom Espiner on

Mac users have been warned by F-Secure against downloading a free "rogue" security application, MacSweeper.

According to the Finnish antivirus company, the application is reminiscent of scams that often target Windows users.

By making the intended victim believe they have a virus, the distributors of MacSweeper hope to sell software to the concerned user, said F-Secure.

"It claims to clean compromising files from your Mac and it will always find something to fix/clean, but the only way to do so is to buy the program," explained F-Secure threat response manager, Patrik Runald, in a blog post.

"[It's] designed to trick people into thinking that they have security problems and that the only way to solve them is to buy the software. Until now this issue has been a Windows-only problem, but that's not the case anymore," added Runald.

Runald said further evidence that MacSweeper is "a scam" is "the fact that when you visit the MacSweeper website with a PC and click on 'Scan', it will tell you that you have security vulnerabilities in folders like system_root/home [a folder that doesn't exist]."

Runald blamed the increasing user base of Mac OS X for the emergence of such "scams".

"Mac users will increasingly come under attack from bad guys and this new rogue application and the constant stream of new variants of [Mac Trojan] DNSChanger is proof of that. It doesn't mean that Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social-engineering tricks just like Windows users have had to do for years," Runald added.

The distributors of MacSweeper — apparently a company called Kivvi Software — also copied security company Symantec's "About us" statement on its website and replaced its name with their own, Runald said.

In a reply to Runald's blog post by a "Macsweeper developer" on Wednesday, the poster claimed Macsweeper developers were "trying to make a good software [sic]".

"I would like to explain all the situation, about MacSweeper [sic]," said the post. "We are really trying to make a good software [sic], and you won't find any viruses/spyware/Trojans/malware in MacSweeper (test it yourself, if you don't believe me, you can use any type of firewalls, dissemblers, or other tools) [sic]."

According to the "developer", Kivvi Software is using sales partners that "forces us to use this marketing type [sic]".

"I would like to say sorry for all inconveniences that we could bring to you, but believe MacSweeper is meant to be a useful application," the "Macsweeper developer" added.

Late last year, security vendor Intego claimed to have found the first Trojan targeting Mac OS X Tiger: DNSChanger. The malware distributors attempted to infect Macs by offering a video-streaming decoder — a codec — that the distributors claimed could decode porn that was not viewable through QuickTime. Like this latest scam, the distributors used social-engineering techniques to trick users into downloading the software.

The Trojan worked by changing a Mac's DNS settings to redirect victims to porn websites. F-Secure later reported it had discovered 32 variants of the Trojan and said it was related to the group distributing the Zlob Trojan.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
How to spot a deepfake? One simple trick is all you need
facial-recognition

How to spot a deepfake? One simple trick is all you need

AI & Robotics
Malcolm Gladwell says working from home is 'not in your best interests'. The reality is much more complicated
malcolm-gladwell

Malcolm Gladwell says working from home is 'not in your best interests'. The reality is much more complicated

Productivity