Researchers Found a Malicious Adware Mughthesec Hijacking Mac for Profit
Researchers from Malwarebytes, an organization that focuses mainly on security research, have found a variant of an older piece of adware built for Macs. More seriously, it tries to hijack Macs so that its operators can profit.
According to the report, the malicious adware is called Mughthesec, and it seems to be a variant of the existing OperatorMac. The adware otherwise behaves typically, said researcher Patrick Wardle, chief security researcher at Synack, who along with others analyzed Mughthesec. Wardle said in a report published on the Objective-See blog that the adware is likely spreading through malicious ads or popups. The blog contains removal instructions.
“The PUPs are in my opinion, rather shady. I mean they automatically install browser plugins circumventing Apple’s security mechanisms in Safari,” Wardle said. “So sure, they ask for user permission to be installed during install, but then do things that generally the user probably doesn’t want. It’s that gray area between legit code and malware.”
The researchers said Mughthesec masquerades as an Adobe Flash installer, a common disguise for malicious programs. Once a Mac user agrees to install the illegitimate Flash update, Mughthesec is installed on that Mac.
Once Mughthesec gets onto a Mac, it begins seeking permission to download other programs, including Advanced Mac Cleaner, Safe Finder and the hotel reservation application Booking.com.
What to do if yours is infected?
Unfortunately, Mughthesec does not seem to trigger the macOS operating system's built-in protections. For now, it seems the way to make sure you are rid of Mughthesec is to reinstall the operating system.
Once installed, the malware’s goal is profit.
Wardle has detailed how to manually disinfect a system from the Mughthesec malware on his blog. “So it’s probably best to just reinstall macOS,” he concludes.