PSA: Stay Alert for Fake CleanMyMac Installers That Will Infect Your Mac With Malware

While CleanMyMac from MacPaw is a well-known way to clean and tune your Mac for top performance, cybersecurity experts have uncovered a scheme where bad actors have disguised dangerous malware as the CleanMyMac app in an attempt to steal data from unwitting Mac users.

MacPaw, the publisher of CleanMyMac and several other Mac utilities, also has a cybersecurity division known as Moonlock. During one of its investigations into malware, Moonlock discovered a malware sample named “CleanMyMac” that was posing as the genuine application.

The malware used multiple methods to infiltrate computers, hide itself, and steal information from a user’s hard drive. By posing as a helpful app, it could trick a Mac into running harmful code, and it covered its tracks to hide from security tools.

The malware could also gather details about the targeted Mac by searching through files and noting security measures on the computer, allowing it to effectively carry out its nefarious plans. As you might expect, malicious versions of CleanMyMac were distributed through phishing websites posing as the official MacPaw website, using similar logos and domains to fool users into downloading and installing the malicious code.

Domains such as macpaw.us and cleanmymac.pro were used in the scam. Those sites no longer load if you visit them, but the websites may well reappear under new names.

The bad guys responsible for the malicious copycat application hijacked YouTube channels like Convisar TV to promote the counterfeit versions of the app, publishing links to direct unsuspecting users to phishing pages. The search term “cleanmymac x free download full version” was used to find the channels promoting the malware.

Users should stay alert for counterfeit versions of apps like CleanMyMac.

  1. Only download software from official websites or the Mac App Store.
  2. Always inspect the website’s URL to make sure the site is legitimate.
  3. Look out for spelling errors and unusual domain names, such as those using “0” in place of “o”, “1” in place of “i” or “l”, and other ways to make the site appear legitimate.

In the case of CleanMyMac and MacPaw’s other applications, make sure you are visiting the real “macpaw.com” website, not macpaw.us, macpaw.pro, or any of several other modified URLs.
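The URL checks from the tips above can be automated, for example in a mail or proxy filter. The following is an added example, not code from the article or from MacPaw: the allowlist contains only the macpaw.com domain named above, the function names are hypothetical, and the `.example` hosts are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: the vendor allowlist. Only macpaw.com is named in the article.
OFFICIAL = {"macpaw.com"}
# Brand strings taken from the domains the article mentions.
BRANDS = ("macpaw", "cleanmymac")
# Digit-for-letter swaps from tip 3: "0" for "o", "1" for "i" or "l".
SWAPS = {"0": "o", "1": "il"}


def _reads_as(label, brand):
    """True if label equals brand once the digit swaps are undone."""
    if len(label) != len(brand):
        return False
    return all(c == b or b in SWAPS.get(c, "") for c, b in zip(label, brand))


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a download link."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # The brand in any label of a non-official host is a red flag, whether
    # the trick is a different TLD, a digit swap, hyphens, or a subdomain.
    for label in host.split("."):
        squashed = label.replace("-", "")
        if any(_reads_as(squashed, b) for b in BRANDS):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # macpaw.us and cleanmymac.pro come from the article; the rest are constructed.
    for link in ("https://macpaw.com/cleanmymac", "macpaw.us",
                 "cleanmymac.pro", "https://c1eanmymac.example/free",
                 "https://macpaw.com.downloads.example/app.dmg"):
        print(f"{classify(link):10} {link}")
```

Only the host name is inspected, so a brand name that appears in the path of an unrelated site is not flagged.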

Users should also install and use reputable antivirus or anti-malware applications, such as Malwarebytes, to regularly scan their Macs for viruses, malware, and other types of malicious software. This will help keep you safe from malicious attacks, such as this recently discovered “CleanMyMac” scheme.

(Via AppleInsider)
