Beware of fake CleanMyMac installers that will infect your Mac

Posted:
in macOS

Cybersecurity experts recently uncovered a sophisticated scheme where attackers disguise malware as CleanMyMac to steal Mac users' data.

A close-up of a computer screen displaying white programming code on a dark blue background.
MacPaw team finds malware disguised as CleanMyMac



MacPaw, the creator of CleanMyMac and other utilities, has a cybersecurity division called Moonlock. During one of their investigations, they discovered a malware sample labeled CleanMyMac, pretending to be the legitimate version.

The malware used various methods to infiltrate computers, hide its presence, and steal information. It could trick a computer into running harmful code by pretending to be a helpful app, then cover its tracks to avoid being spotted by security tools.

Grid of various video thumbnails on a streaming platform, showcasing different topics such as cryptocurrency tutorials, computer tips, and Spanish-language content.
Content of Convisar TV channel after it was likely hijacked



It could also gather details about the infected computer, like looking through files and noting security measures, to help it carry out its plans more effectively. The malicious versions of CleanMyMac were distributed through phishing websites mimicking MacPaw's official site, using similar domains and logos to deceive users.

Investigations identified domains such as macpaw[.]us and cleanmymac[.]pro among the culprits. Although these sites no longer load, there's always a risk they might reappear under new guises.

YouTube channels like Convisar TV were also hijacked to promote these counterfeit versions, linking unsuspecting viewers to phishing pages. The team used "cleanmymac x free download full version" to search and find the channels promoting the malware.

How to avoid the fake CleanMyMac app



To avoid counterfeit versions, software should be downloaded directly from official websites or the App Store. Before downloading, inspect the website's URL for authenticity, looking for spelling errors or unusual domain names.

Also, look for signs of the software's legitimacy, such as digital signatures or verified reviews.

Search results for the suspicious URL
Search results for the suspicious URL "www[.]mac-clean[.]org"



For example, the official MacPaw website is macpaw.com, not macpaw.us or macpaw.pro.

Additionally, using reputable antivirus or cleaning tools, such as CleanMyMac X with the Moonlock Engine, for regular system scans and updates is a critical security measure. Using these strategies can significantly boost users' defenses against such attacks.



Read on AppleInsider

TerryGrey

Comments

  • Reply 1 of 8
    Funny that malware like CleanMyMac is complaining about malware.

    I remove that garbage any time I see it.
    AllMAniMillStrangeDayseriamjh
  • Reply 2 of 8
    Huh CleanMyMac is already the malware
    AllMwilliamlondonAniMillStrangeDayseriamjhVictorMortimer
  • Reply 3 of 8
    mknelsonmknelson Posts: 1,125member
    Funny that malware like CleanMyMac is complaining about malware.

    I remove that garbage any time I see it.
    Hey, at least it's not MacKeeper!
    AniMillbaconstangeriamjhVictorMortimerTerryGrey
  • Reply 4 of 8
    AppleishAppleish Posts: 691member
    I haven't bothered with antivirus software since OSX was introduced.
    AniMillStrangeDaysbaconstangtht
  • Reply 5 of 8
    StrangeDaysStrangeDays Posts: 12,877member
    how to avoid - don’t install any sort of “clean my” utilities. This ain’t Windows 
    Alex1Nrezwitsthteriamjhwatto_cobra
  • Reply 6 of 8
    fastasleepfastasleep Posts: 6,417member
    CleanMyMac X is not malware. It’s a nicely designed set of useful tools, made by a legitimate software company in Ukraine. I’m an expert Mac user and find uses for CMMX regularly. 
    Alex1Nrezwitswatto_cobra
  • Reply 7 of 8
    rezwitsrezwits Posts: 879member
    CleanMyMac X is not malware. It’s a nicely designed set of useful tools, made by a legitimate software company in Ukraine. I’m an expert Mac user and find uses for CMMX regularly. 
    It's true, but their pricing models and different versions are BvlL$#!+

    watto_cobra
  • Reply 8 of 8
    thttht Posts: 5,443member
    I have not looked into it, but I thought all macOS apps have to be notarized now? And, you still need to turn off Gatekeeper to run notarized apps downloaded from the Internet?

    So, the user would have to run this malware app as a sys admin, sudo, whatever?
    watto_cobra
Sign In or Register to comment.