Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Beware of fake CleanMyMac installers that will infect your Mac

MacPaw team finds malware disguised as CleanMyMac

Cybersecurity experts recently uncovered a sophisticated scheme where attackers disguise malware as CleanMyMac to steal Mac users' data.

MacPaw, the creator of CleanMyMac and other utilities, has a cybersecurity division called Moonlock. During one of their investigations, they discovered a malware sample labeled CleanMyMac, pretending to be the legitimate version.

The malware used various methods to infiltrate computers, hide its presence, and steal information. It could trick a computer into running harmful code by pretending to be a helpful app, then cover its tracks to avoid being spotted by security tools.

Grid of various video thumbnails on a streaming platform, showcasing different topics such as cryptocurrency tutorials, computer tips, and Spanish-language content.
Content of Convisar TV channel after it was likely hijacked

It could also gather details about the infected computer, like looking through files and noting security measures, to help it carry out its plans more effectively. The malicious versions of CleanMyMac were distributed through phishing websites mimicking MacPaw's official site, using similar domains and logos to deceive users.

Investigations identified domains such as macpaw[.]us and cleanmymac[.]pro among the culprits. Although these sites no longer load, there's always a risk they might reappear under new guises.

YouTube channels like Convisar TV were also hijacked to promote these counterfeit versions, linking unsuspecting viewers to phishing pages. The team used "cleanmymac x free download full version" to search and find the channels promoting the malware.

How to avoid the fake CleanMyMac app

To avoid counterfeit versions, software should be downloaded directly from official websites or the App Store. Before downloading, inspect the website's URL for authenticity, looking for spelling errors or unusual domain names.

Also, look for signs of the software's legitimacy, such as digital signatures or verified reviews.

Search results for the suspicious URL
Search results for the suspicious URL "www[.]mac-clean[.]org"

For example, the official MacPaw website is macpaw.com, not macpaw.us or macpaw.pro.

Additionally, using reputable antivirus or cleaning tools, such as CleanMyMac X with the Moonlock Engine, for regular system scans and updates is a critical security measure. Using these strategies can significantly boost users' defenses against such attacks.