A new variety of adware named “Mughthesec” has been found on macOS and can cause serious problems on your Mac, according to the Twitter account of Thomas Reed, a Mac malware specialist at Malwarebytes. It tries to hijack the Mac so that the attacker can profit illegally from it.
According to Thomas Reed, Mughthesec is a new variety of the Mac adware OperatorMac, which has been haunting Mac users for quite some time and which gets past the macOS security mechanism at installation. Once a Mac has been infected, users have to reinstall macOS.
Other researchers say they’ve seen Mughthesec around for at least six months.
Other researchers have also traced Mughthesec, and they say it can pose as an Adobe Flash installer. If it detects a virtual machine, it installs a legitimate copy. On a real machine, it installs three malicious ad programs: Advanced Mac Cleaner, Safe Finder and Booking.com.
Mughthesec then hijacks the home page and domain on the infected machine. Next, the browser's default search engine is changed to AnySearch, while Advanced Mac Cleaner prompts users to optimize the system and fix problems, for which, of course, the user has to pay.
What to do if you’ve been infected?
- If you’ve perhaps been saddled with other types of adware, delete that as well.
- If your computer has been hit with this variant of Mughthesec, besides reinstalling macOS you can delete the unwanted apps and the “Any Search” browser extension, then go to ~/Library/LaunchAgents/com.Mughthesec.plist to unload and delete the Mughthesec launch agent.
- For those who haven’t been hit but want to remain adware-free, be careful what apps you download and install on your machine.
- To safely and quickly get rid of any unwanted app, see these tutorial blogs for help.
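
The launch-agent cleanup step above as a shell script, added here as an example and not taken from the original article. Only the plist path comes from the article; the function names and the `check`/`remove` arguments are assumptions.

```shell
#!/bin/sh
# Added example: locate, unload and delete the Mughthesec launch agent.
# The plist path is the one named in the article; all names below are assumptions.

AGENT_REL="Library/LaunchAgents/com.Mughthesec.plist"

# find_agent HOME_DIR
# Prints the plist path and returns 0 if the agent is present, otherwise returns 1.
find_agent() {
    plist="$1/$AGENT_REL"
    if [ -f "$plist" ]; then
        printf '%s\n' "$plist"
        return 0
    fi
    return 1
}

# remove_agent HOME_DIR
# Returns 0 if the agent was removed, 1 if none was found, 2 if deletion failed.
remove_agent() {
    plist=$(find_agent "$1") || return 1
    # Print the plist so the program it launches can be found and deleted too
    # (plutil exists on macOS only; skipped elsewhere).
    if command -v plutil >/dev/null 2>&1; then
        plutil -p "$plist" || true
    fi
    # Unload first so the job stops in the current login session,
    # not only after the next login.
    if command -v launchctl >/dev/null 2>&1; then
        launchctl unload "$plist" 2>/dev/null || true
    fi
    rm -f -- "$plist" || return 2
    [ ! -e "$plist" ] || return 2
    return 0
}

# Nothing happens without an explicit argument.
case "${1:-}" in
    check)  find_agent "$HOME" || echo "no Mughthesec launch agent found" ;;
    remove) remove_agent "$HOME" ;;
esac
```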
Now that Apple has revoked the developer certificate used to sign Mughthesec’s files, macOS will refuse to run the fake Flash Player installer, but you still have to be very careful, since a new version signed with another valid certificate may be pushed out.