Cybersecurity experts recently uncovered a sophisticated scheme where attackers disguise malware as CleanMyMac to steal Mac users' data.
MacPaw team finds malware disguised as CleanMyMac
MacPaw, the creator of CleanMyMac and other utilities, has a cybersecurity division called Moonlock. During one of their investigations, they discovered a malware sample labeled CleanMyMac, pretending to be the legitimate version.
The malware used various methods to infiltrate computers, hide its presence, and steal information. It could trick a computer into running harmful code by pretending to be a helpful app, then cover its tracks to avoid being spotted by security tools.
Content of Convisar TV channel after it was likely hijacked
It could also gather details about the infected computer, like looking through files and noting security measures, to help it carry out its plans more effectively. The malicious versions of CleanMyMac were distributed through phishing websites mimicking MacPaw's official site, using similar domains and logos to deceive users.
Investigations identified domains such as macpaw[.]us and cleanmymac[.]pro among the culprits. Although these sites no longer load, there's always a risk they might reappear under new guises.
YouTube channels like Convisar TV were also hijacked to promote these counterfeit versions, linking unsuspecting viewers to phishing pages. The team used "cleanmymac x free download full version" to search and find the channels promoting the malware.
How to avoid the fake CleanMyMac app
To avoid counterfeit versions, software should be downloaded directly from official websites or the App Store. Before downloading, inspect the website's URL for authenticity, looking for spelling errors or unusual domain names.
Also, look for signs of the software's legitimacy, such as digital signatures or verified reviews.
Search results for the suspicious URL "www[.]mac-clean[.]org"
For example, the official MacPaw website is macpaw.com, not macpaw.us or macpaw.pro.
Additionally, using reputable antivirus or cleaning tools, such as CleanMyMac X with the Moonlock Engine, for regular system scans and updates is a critical security measure. Using these strategies can significantly boost users' defenses against such attacks.