Mac Adware Infection Requires Complete Reload For Removal

August 29, 2017 | May 22nd, 2021 | Technology News

Mac users have a new strain of malware to be concerned about. Dubbed “Mughthesec,” it appears to be a new, improved, and more robust design based on an older malware family known as OperatorMac.

Its improvements include an anti-VM detection system that makes use of the MAC address, and a valid Apple developer certificate, which allows it to slip unnoticed past Apple’s Gatekeeper system. This second improvement is of special significance, because very few malware strains boast a valid certificate, making Mughthesec unique among its peers.

This updated version is finding its way onto machines disguised as an Adobe Flash Player installation file. The user gets a legitimate copy of Flash, but in the background, the malware also installs an app called Advanced Mac Cleaner, along with two extensions for the Safari web browser called “Safe Finder” and “Booking.com.”

According to Patrick Wardle, the Director of Research at Synack, while it’s easy enough to remove the rogue browser extensions and unwanted apps via conventional means, the new Mughthesec code contains hooks that will simply allow the hackers to reinstall those apps, or any other program that the hackers feel like inflicting on a user.

If you find Mughthesec on your machine, or if you get rid of malware only to find that it comes back almost immediately, Wardle’s recommendation is to reinstall your OS. That may sound like a draconian move, and it’s an annoying and painful process, but sadly, it’s the only way to be sure that the hooks the malware embeds in the operating system are completely removed.

The fear is that unless you take this step, your machine is simply going to keep getting peppered with malware, and perhaps something worse if the hackers decide to launch a genuinely destructive attack.

Jason Manteiga