
Mac users beware: Potential adware poses as Safari update


Users of Apple Mac computers and laptops may have to think twice before downloading and installing a supposed update to the Safari browser—it could be potential malware in disguise.

Malwarebytes said the installer for InstallCore is hosted on some so-called "scam" sites, including scam sports streaming sites.

"When I attempted to view one of the supposed streams, it redirected me to a page that claimed that Safari was outdated ... Clicking the Update Now button downloaded a disk image file named 'Apple Safari Setup.dmg,'" Malwarebytes' Thomas Reed said in a blog post.

InstallCore is described by Sophos as an "installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user."

"Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process," it said.

Something wrong

One sign of something wrong in the supposed Safari update is that the installer on that disk image did not look like an Apple installer at all, Reed said.

Also, he said that when he opened the installer, he saw the familiar InstallCore installer interface, though the first page of the installer read “Welcome to Safari.”

The installer will ask a user to accept the “Search-Assist” extension for Safari—with a big Yahoo! logo at the top of the window.

It then asks the user to allow the installation of MacKeeper, "though the text was relatively small and uniform, and the familiar MacKeeper logo was nowhere to be seen."

Users were also made to accept the installation of ZipCloud.

"Although no browser extensions were successfully installed, both Chrome and Firefox had their preferences modified. Both browsers had their home pages and search engines set to a Yahoo 'Search BOSS' page, which is how Yahoo is tricked into paying the scammers for promoting it," Reed said.

"Victims of this malicious installer should immediately remove both MacKeeper and ZipCloud, of course, but should also reinstall OS X. This will overwrite Safari and its support files with fresh copies," he added.

MacKeeper has been described in Apple support forums as invasive malware, while ZipCloud does not enjoy a good reputation either.

Yet, Reed said the app also installed a newer version of Safari and some Safari support files.

"This, of course, had the effect of completely breaking Safari on my 10.9.5 system, as the newer version (8.0.6) cannot run on that version of OS X," he said. — Joel Locsin/LBG, GMA News

Tags: safari, malware, apple