By David Balaban
Strictly speaking, adware is a form of harmful code that displays annoying advertisements to generate revenue for its “masters.” This term was originally coined to denote potentially unwanted applications that trigger in-browser ads or redirect Internet traffic to knock-off online stores.
Over the years, the concept has extended its reach beyond web surfing interference alone. Any double-dealing software that floods the victim’s device with intrusive pop-ups fits the mold of adware as well.
When running on a Mac, these dubious applications can add a virtual “coating” to websites the user is visiting. The tricky layer hosts redundant, commercially flavored items such as floating banners or interstitial ads promoting freebies, discounts, and junk services. Sometimes the user is wrongfully alerted to performance issues and viruses. This way, criminals push dodgy “cleaners” that claim to fix those problems for a fee.
Mac adware is also a notorious driving force for tech support scams. By displaying fake warnings within a web browser, these nuisance programs attempt to hoodwink the unsuspecting user into dialing a telephone number to reach a “certified technician” who will supposedly help sort things out.
These bogus messages often impersonate Apple to feign legitimacy. The impostor will recommend installing a remote access tool for quick troubleshooting. If the user gets on the hook, crooks can easily harvest sensitive information and install more malware onto the Mac.
Adware distribution and persistence tactics
Bundling is the most common way for adware to infiltrate a Mac computer. In this scenario, the threat hides inside an installer that appears to streamline the setup of one or several free apps. The attack pans out as long as the user sticks with the default installation option.
Once inside the system, the baddie turns the web browsing preferences upside down by replacing the user-defined settings with something unrelated. This foul play sets a browser redirect scheme in motion, forcing hits to ad-riddled search engine copycats. In many cases, it will modify the DNS settings to add or misrepresent advertisements on sites the victim visits. The pest may also ask for permission to show web push notifications on the desktop.
To establish persistence, Mac adware may install a new configuration profile on the system. In an ideal world, this feature helps corporate network administrators manage employees’ activities to ensure compliance with enterprise policies. Cybercrooks often abuse it to specify sketchy settings in Safari, Google Chrome, or Mozilla Firefox and prevent the victim from redefining these preferences.
A sure-shot technique to get rid of Mac adware
Malicious code in general – and adware in particular – is always embodied as a specific dodgy app or a browser add-on you shouldn’t have installed. That said, you need to pinpoint and eradicate the culprit along with the files it has sprinkled around your system. Here is how you can do it.
Step 1. Kill the rogue process
- Expand the “Go” menu in your Mac’s menu bar, click “Utilities”, and select the Activity Monitor.
- Check the list of running processes for an executable file you don’t recognize. The common red flags include an unfamiliar icon and overconsumption of CPU or RAM.
- Having spotted the culprit, select it and click the “X” button at the top left of the window. Once a dialog pops up, click “Force Quit”.
Step 2. Uninstall the underlying application
- Open the Finder and click “Applications” in the left-hand sidebar.
- Locate the unwanted app, control-click it, and select “Move to Trash” in the contextual menu.
Step 3. Purge LaunchAgents and LaunchDaemons added by adware
- Re-expand the “Go” menu and select “Go to Folder”.
- Type ~/Library/LaunchAgents (with the tilde symbol) in the search area and press Enter.
- Look for .plist files that are likely associated with adware and move them all to the Trash.
- Follow the same procedure to tidy up the contents of the /Library/LaunchAgents (no tilde prepended), ~/Library/Application Support, and /Library/LaunchDaemons folders.
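To make the manual review in Step 3 less of a guessing game, the following added example (not part of the original article) parses every launchd job in the LaunchAgents and LaunchDaemons folders and lists reasons a job deserves a closer look. The `ODD_LOCATIONS` list and the individual checks are heuristics assumed for illustration; a flagged job is a candidate for review, not proof of adware.

```python
import plistlib
from pathlib import Path

# launchd job folders from Step 3 (Application Support holds payloads, not jobs).
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]
# Assumption: path fragments a legitimate vendor job rarely runs from.
ODD_LOCATIONS = ("/tmp/", "/private/tmp/", "/Users/Shared/", "/.")

def audit_job(plist_path):
    """Return (label, program, reasons) for one launchd job definition."""
    plist_path = Path(plist_path)
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception as exc:  # damaged file or not a plist at all
        return (plist_path.name, None, [f"unreadable plist ({type(exc).__name__})"])
    if not isinstance(job, dict):
        return (plist_path.name, None, ["top-level object is not a dictionary"])
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    reasons = []
    if program is None:
        reasons.append("no Program or ProgramArguments")
    else:
        program = str(program)
        if not Path(program).exists():
            reasons.append("target binary missing (leftover job)")
        if any(fragment in program for fragment in ODD_LOCATIONS):
            reasons.append("runs from a temporary, shared or hidden path")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("RunAtLoad and KeepAlive set: launchd restarts it after Force Quit")
    if job.get("Label") and job["Label"] != plist_path.stem:
        reasons.append("file name does not match Label")
    return (job.get("Label", plist_path.name), program, reasons)

def audit_dirs(dirs=LAUNCH_DIRS):
    """Audit every .plist in the given folders, skipping folders that do not exist."""
    results = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():
            results += [audit_job(p) for p in sorted(folder.glob("*.plist"))]
    return results

if __name__ == "__main__":
    for label, program, reasons in audit_dirs():
        print("REVIEW" if reasons else "ok", label, "->", program, "|", "; ".join(reasons))
```

A job with KeepAlive set explains why a process killed in Step 1 can reappear moments later: launchd restarts it until the .plist is removed.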
Step 4. Stop adware from running at boot time
- Open System Preferences (the gear icon in your Dock), click “Users & Groups”, and select “Login Items”.
- Click the padlock sign at the bottom and type your admin password to be able to change the settings. When done, select the troublemaking program and use the “minus” button to withdraw it from the list.
Step 5. Get rid of a harmful configuration profile
- Check if an item named “Profiles” is listed on the System Preferences interface. If it’s there, open it.
- Select the bad profile and click the “minus” sign to delete it.
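Before deleting a profile, it helps to see which browser settings it forces. This added example (not from the original article) summarises an unsigned .mobileconfig property list: what the profile calls itself, whether it forbids removal, and which homepage, search or extension settings each payload pins. The `WATCHED_KEYS` list is an illustrative assumption, the sample profile is constructed, and signed profiles are CMS-wrapped and must be unwrapped first.

```python
import plistlib

# Assumption: illustrative watchlist of Chrome policy and Safari preference
# keys that pin the homepage, search engine or extensions.
WATCHED_KEYS = {"HomepageLocation", "RestoreOnStartupURLs",
                "DefaultSearchProviderSearchURL", "ExtensionInstallForcelist",
                "HomePage"}

def find_watched(node, trail=""):
    """Recursively yield (key path, value) for watched keys inside a payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{trail}/{key}"
            if key in WATCHED_KEYS:
                yield path, value
            yield from find_watched(value, path)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_watched(item, f"{trail}[{i}]")

def audit_profile(raw):
    """Summarise an unsigned configuration profile given as plist bytes."""
    profile = plistlib.loads(raw)
    report = {"name": profile.get("PayloadDisplayName"),
              "identifier": profile.get("PayloadIdentifier"),
              "locked": bool(profile.get("PayloadRemovalDisallowed")),
              "payloads": []}
    for payload in profile.get("PayloadContent", []):
        report["payloads"].append({"type": payload.get("PayloadType"),
                                   "forced": dict(find_watched(payload))})
    return report

# Constructed sample: one Chrome payload and one managed-preferences payload.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Constructed Search Helper",
    "PayloadIdentifier": "com.constructed.profile",
    "PayloadRemovalDisallowed": True,
    "PayloadContent": [
        {"PayloadType": "com.google.Chrome",
         "HomepageLocation": "https://search.example.invalid/",
         "RestoreOnStartupURLs": ["https://search.example.invalid/"]},
        {"PayloadType": "com.apple.ManagedClient.preferences",
         "PayloadContent": {"com.apple.Safari": {"Forced": [
             {"mcx_preference_settings": {"HomePage": "https://search.example.invalid/"}}]}}},
    ],
})

if __name__ == "__main__":
    print(audit_profile(SAMPLE))
```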
Step 6. Empty the Trash
- Control-click the Trash icon in the Dock and select “Empty Trash”.
- When a confirmation dialog appears, click the “Empty Trash” button to complete the procedure.
Step 7. Get Safari back on track
- Open Safari, go to the Safari menu, and select “Preferences”.
- Hit the “Privacy” tab and select “Manage Website Data”.
- Click the “Remove All” button to obliterate all data stored by websites you have accessed. Confirm by clicking “Done”.
- Click “Develop” in Safari’s menu area and select “Empty Caches”.
- Expand the “History” menu in the upper toolbar, choose “Clear History”, and confirm the action.
- Restart Safari.
Step 8. Declutter Google Chrome
- Launch Chrome, click the “Customize and control Google Chrome” button, and pick “Settings”.
- Click the “Advanced” button in the sidebar and select “Reset settings”.
- Click “Restore settings to their original defaults” and then hit the “Reset settings” button on the confirmation pop-up.
- Restart Chrome.
Step 9. Make Mozilla Firefox run smoothly again
- Open the browser, click its main menu button at the top right, and choose “More Troubleshooting Information”.
- Click “Refresh Firefox” and follow further prompts to re-enable the default settings.
- Restart Firefox.
Stay on the safe side
If you happen to slip up and let adware in, keep in mind that irritating advertisements are only the tip of the iceberg. There is one more aspect of the problem invisible to the naked eye: these strains collect personally identifiable data such as your geolocation, IP address, and browsing history. By using a reliable VPN for Mac, you can prevent snoops from obtaining this information. It hides your IP and actual whereabouts while ensuring end-to-end encryption of your web traffic.
Since Mac adware piggybacks on users’ blunders to get through, the protection is mostly up to you. Once infected, you can also try special tools like FixMeStick. If you come across a free app on a suspicious website that looks too good to be true, installing it could be a bad idea because it is likely bundled with something malicious.