While they’re much less vulnerable than their Windows-based counterparts, Macs are still susceptible to contracting malware. Macs have even been infected by Windows-based malware cleverly disguised as award-winning titles like Adobe’s Flash Player. In fact, malware disguised as Flash Player is “particularly favored” among nefarious actors trying to exploit macOS machines, 9to5mac notes.
And while software like Malwarebytes is designed to scan for and remove potentially malicious software automatically, according to a blog post published by the security firm this week, there’s a new and much more aggressive variant of Flash Player malware currently on the loose — described in the post as a version of Crossrider adware capable of protecting itself from removal.
Essentially, the downloadable Flash plug-in is capable of changing the home page in both Apple’s Safari and Google’s Chrome web browser on macOS computers and, disturbingly, won’t allow users to change it back once it’s installed.
“After removing Advanced Mac Cleaner, and removing all the various components of Crossrider that have been littered around the system, there’s still a problem. Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed,” the firm explains, noting how “It turns out that this is caused by a configuration profile installed on the system by the adware.”
“Configuration profiles provide a means for IT admins in businesses to control the behavior of their Macs. These profiles can configure a Mac to do many different things, some of which are not otherwise possible.”
How to Delete Crossrider Malware and Restore Your Mac
As the firm explains, locating and deleting the installed Crossrider profile once it’s been installed can be tricky — but it’s still possible to erase, and restore your system/web browser back to its original settings.
Open System Preferences from your Mac desktop and click the Profiles icon. NOTE: if there’s no Profiles icon, then you don’t have any profiles installed, which is normal, according to Malwarebytes.
“This profile installs with an identifier of com.myshopcoupon.www, which is not visible in System Preferences,” the firm explains. “However, the profile can definitely be identified by scrolling through the details and looking for references to chumsearch[dot]com.”
To read more on this malware and how to properly identify and remove it if you’ve recently downloaded the Adobe Flash player specified, click here.